What is and how does two-factor authentication (2FA) for online login work

Some accounts we need to protect as much as we can

When we log into virtually any service or online account anywhere, we need to know the login name and password combination. If our password is very strong and chosen correctly, this combination will almost always be sufficient. On the other hand, we also have services that are so important that securing them is an absolute priority. These can be mainly:

  • E-mail account
  • Internet banking or other financial services
  • Social networks
  • Website administration
  • Corporate accounts

If someone cracks our account on a fan page about a series, we’ll probably get through it somehow, although it’s obviously annoying. But the accounts mentioned above (but you may have other very important ones) are absolutely crucial, and any breach of their security can cause really significant damage.

An email account usually acts as a so-called master account: it is the account that makes it possible to reset passwords for other services through the “Forgot Password” feature, which is found virtually everywhere you need to log in. Social networks, in turn, may contain your communications or sensitive data.

So even if we set strong passwords for these accounts, it’s a good idea to secure them as strongly as we can. This is where two-step, or two-factor, authentication comes in. What exactly is it?

What is two-factor authentication (abbreviated 2FA, for Two-Factor Authentication)

Two-factor authentication adds an extra layer of authentication that is needed to log into an account. So, in addition to a username and password, you need to enter some other information or add a confirmation. We’ll look at what types of two-factor authentication there are:

Physical token

[Photo: RSA token. Alexander Klink, CC BY 3.0, via Wikimedia Commons]

The principle is that to log into your account you need something that you, and only you, have. This can be an RSA token that periodically generates codes that need to be entered, but also various electronic cards or USB devices that need to be connected to the computer in order to log in.

Authentication via mobile app

Authentication via mobile app is very popular and effective – the most used are the free Google Authenticator app (for Android here, for iOS here) or Authy. The app is linked to your account and uses a mathematical formula to generate a new code every 30 seconds, which you enter when you log in. The code is generated even without an internet connection, so you can log in at any time.

The codes change regularly and are not sent or received anywhere, so they cannot be so easily eavesdropped on. You need to unlock your phone to access the app, which adds another method of authentication. If the service you’re logging into allows this authentication option, then be sure to enable and set it up. This, along with a physical token, is the most secure way to secure your online accounts.

Biometric authentication

In addition to a username and password, you’ll need to authenticate by confirming the login on your mobile phone, which requires a gesture, fingerprint, or facial verification. This method is many times more convenient, because nothing needs to be typed, but it is also more secure. Even if an attacker were holding your phone in their hand, they typically won’t be able to log into your account unless they also know the gesture that unlocks your phone.

Different services may require varying degrees of authentication, meaning that some require at least a fingerprint, for example.

Authentication via SMS or call

After you have entered your name and password correctly, a text message or call containing a code arrives on your mobile phone. This code needs to be entered as an additional method of authentication. To be able to log in to the account, it is therefore also necessary to have the phone in your hand.

However, calls can typically be answered without unlocking the phone, and SMS messages can usually be seen in notifications, where the necessary codes are also visible without unlocking. This definitely increases the security of the account, but if somehow an attacker is holding your phone, they may not even need to unlock it to use this method of authentication.

Generally, this type of two-factor authentication is the weakest, because cell phone communications can be eavesdropped on and SMS messages read. However, even this authentication is better than no authentication.
