A huge part of the things we do in our day-to-day lives can now be done online – from shopping, business correspondence, and keeping in touch with friends, to bank transactions and bills payment. The COVID-19 pandemic has expanded this list of online activities and has proven that even medical consultations, children’s classes, and certain jobs can actually be done via the internet. More and more businesses have created online platforms to accommodate the needs of the times. However, with broader digitalization come more vulnerabilities and, along with that, the need for stronger security measures. Passwords alone are no longer enough. To protect our online presence and our digital accounts and profiles, we now need two-factor authentication, or even more than two factors.
What is Two-Factor Authentication or 2FA?
Two-factor authentication is an additional layer of security designed to protect your online accounts. With 2FA, you are required to enter another login credential after your username and your password. Failure to enter this second access method means that you cannot gain access to your online account.
Needless to say, setting up a two-factor authentication system is an effective way of protecting your personal data, especially sensitive ones, from cyber threats. Hackers will not be able to access your account even if they’ve figured out or have successfully stolen your password or your initial login details.
3 Factors or Methods of Two-Factor Authentication
You can use different methods or factors to secure your online account with 2FA. Pick any two factors that you are confident using or that you think work best for you. Using all three factors already constitutes MFA, or multi-factor authentication.
- Knowledge Factor (Something You Know). You can set up a 2FA system that requires you to key in the information that only you know. This could be a password, a personal identification number or PIN, a certain keystroke pattern, or an answer to a security question.
- Possession Factor (Something You Have). You can use a separate device to receive additional login details. This could be your smartphone, your tablet, a small security hardware token, or even a credit card. For example, to confirm a certain bank transaction using your online bank account, you will need to enter a code sent to your mobile phone number.
- Inherence or Biometric (Something You Are). This advanced 2FA method uses biometric patterns such as your fingerprint, voice print, or retina scan.
Do Not Confuse with 2-Step Authentication!
Some people use two-factor authentication and two-step authentication interchangeably. However, these two terms are not the same. Two-step authentication is when the authentication process uses two controls that are of the same factor. Simply put, a two-step authentication is a single-factor authentication.
Needless to say, two-factor authentication provides stronger security than two-step authentication.
How Does 2FA Work?
Two-factor authentication uses two authentication methods that are not related to each other to make your account secure. This second layer of authentication needs to be verified with something you know, something you have, or something that’s a part of yourself in addition to your usual login details (i.e. your username or email and your password).
For instance, your 2FA system may ask you a security question that you have chosen earlier. You will have to provide the correct answer to this question before you can enter your account.
There’s also a 2FA system that interacts directly with your smartphone. It sends you a login code called a one-time password or OTP via SMS or text message to your mobile device number, which you have earlier registered or paired with your account. Of all the 2FA methods, this is the most streamlined and is one of the most commonly used for personal accounts.
There’s also a voice-based 2FA, wherein the system dials your mobile number and delivers the 2FA code verbally. This 2FA method isn’t as common as the SMS-based 2FA.
You can also use an authentication app 2FA method, which requires a mobile application to generate your authentication code. You will have to enter this code to open your account. The most popular authentication app is Microsoft Authenticator.
Then there are hardware tokens, which are small key fobs that generate a new numeric code every several seconds. When you want to access your account, you simply look at your hardware token and key in the code being displayed on it. Some tokens can be plugged into your computer’s USB port and they will automatically transfer the code.
Now, if there are hardware tokens, there are also software tokens. This method uses a time-based OTP that is generated by software. This OTP is usually valid for a minute or less. You will be required to download and install a 2FA app on your computer or smartphone, and you can use this app on any site as long as it supports this kind of authentication.
Meanwhile, with biometric 2FA, you will need to input a unique pattern that you have on your physical person in order to access your account. Common methods include retina scans and fingerprints. For retina scans, you will need a camera on your computer or mobile device, and for fingerprints, you will need a touch-sensitive screen on your mobile phone or tablet.
How Important is Two-Factor Authentication?
Cybercrime has gotten more aggressive and more sophisticated in recent years. So, organizations with their own online systems are finding their old security tools inadequate or inept at thwarting threats and attacks like data theft, identity fraud, ransomware, cyber extortion, and cyber espionage, among others. Many organizations have suffered financial loss, loss of consumer trust, and reputational damage after falling victim to cybercrime.
Individual users or consumers also find themselves targeted and at risk. They become prey to phishing and malware attacks. Their credentials can get stolen and they can get locked out of their own accounts. Their bank and financial data can get used by other people to siphon out their money.
Cybercrimes have gotten worse year after year. According to a report by the Internet Crime Complaint Center, the number of cybercrime complaints they have received increased from over 791,000 in 2020 to more than 847,000 in 2021. Losses reported as a result of these crimes amounted to $6.9 billion in 2021, also a significant increase from $4.2 billion in 2020.
Clearly, the numbers tell us that even in this day and age when everyone’s supposedly aware that cybercrime exists and that it does happen, we should never be complacent. Cybercriminals continuously find ways to get through and their methods evolve. As such, our security systems need to continuously evolve, too. Organizations and consumers should protect themselves using an approach that’s stronger than just using a username and a password. And that approach, at the very least, is called two-factor authentication.
If you are a consumer, two-factor authentication keeps your personal data and accounts secure. You can rest easy knowing that even if hackers try and discover your username and password, they cannot make any transaction unless they also have your smartphone. What’s more, any attempt on their part to make a transaction will alert you through SMS or email notifications.
For companies and organizations, 2FA will help ensure that your customers’ and clients’ data are safe in your hands. Having a 2FA system in place for your site helps send a message that you value your customers’ trust and that you are protecting them. Preventing threats and attacks on your site’s security helps you avoid financial losses and financial damage later on.
Two-Factor Authentication: Pros and Cons
Pros of 2FA
Two-factor authentication costs vary, depending on the methods or factors you choose. SMS-based 2FA, for example, is less costly than retinal scanning. However, if you look at the bigger picture, it is cost-effective. Even the more advanced or sophisticated 2FA methods are now seeing a gradual drop in their pricing, thanks to widespread adoption. As more users adopt a certain method, vendors can offer their 2FA systems at lower price points without losing profit.
What’s more, as smartphones, tablets, and other portable devices become more technically advanced, they also become more equipped with 2FA-friendly technologies and biometrics (such as fingerprint scanning) that can be applied for authentication.
Extra layer of protection
For many decades, the username-and-password combo has protected users from cyber attacks. But a single layer of security is not so secure anymore. Even with a strong password that combines uppercase and lowercase letters, numeric keys, and special characters, it’s still not enough protection. Having a 2FA system in place helps make sure that your systems and accounts are still safe and impenetrable even if your first layer of security is compromised.
Cons of 2FA
It goes without saying that having a two-factor authentication system means it takes you more time to access your account. Even more so if you spread this time element across an organization with hundreds or thousands of employees. Completing 2FA prompts could add up to many work hours lost every year.
However, there are 2FA methods that are easier and quicker to navigate, and you can use them. Moreover, if you think about how beneficial a 2FA system can be, the considerable amount of time in a year that you get to spend completing this action is nothing compared to your peace of mind.
Of course, at a consumer level or for individual users, the extra time spent on this extra layer of security is negligible.
Losing your registered device can be a headache
For users who lose or don’t have their smartphone or other mobile device, or who forget their login details to a connected account, things can be a huge hassle. Imagine opening your bank account on a different device and, for some reason, not having your smartphone with you for the OTP. In the worst case, you may need to actually go to your bank to make a transaction on site and wait for hours or days before you can make changes to your account login credentials and access your account.
Is 2FA Foolproof?
Like everything else that involves digital media and the internet, two-factor authentication is not foolproof and 100 percent safe. While 2FA does a much better job of preventing unauthorized access to your account compared to single-factor authentication, the level of security it provides still depends on the 2FA method you are using.
A 2FA system can still be breached through simple attack techniques. Your smartphone, for instance, could get stolen. That means the thief now has access to your mobile account, whose username and password you may have chosen to be stored or remembered in your phone’s memory so you could be spared from typing every time you open it. Imagine the thief holding the same phone with the mobile number you have registered to pair with your bank account.
What’s more, hackers can still use phishing attacks, malware, account recovery procedures, and other means to breach your 2FA and gain access to your accounts. They can also intercept SMS messages that contain the OTP they need.
Two-Factor Authentication: A must for today’s online world
Two-factor authentication offers our online accounts an additional layer of security if our first-layer protection – our username and password – gets breached or compromised. That is not a far-off scenario considering that hackers and cybercriminals have stepped up their game and are using more sophisticated methods to steal data and gain access to various sites and accounts. There are different authentication factors or methods you can use, each one presenting a different degree of security and navigation.
2FA may have its disadvantages, but these are very minimal compared to the peace of mind it gives you. You may need to spend a couple more minutes scanning your fingerprint, or waiting for that OTP SMS to come in, and you may need to spend on a new touchscreen phone, but these will save you countless hours of worrying or the thousands of dollars you could possibly lose in the event that you fall victim to cybercrime.