Twitter's
got it. Apple's got it, too. Google, Microsoft, Facebook and Amazon have had it
for a while. But why's two-factor authentication important, and will it keep
you safe?
Two-factor
authentication, or 2FA as it's commonly abbreviated, adds an extra step to your
basic log-in procedure. Without 2FA, you enter in your username and password,
and then you're done. The password is your single factor of authentication. The
second factor makes your account more secure
Two-factor
authentication adds a second level of authentication to an account log-in. authentication.
It’s also a type of multi factor authentication
There are three types of authentication:
- Knowledge factors -- something the user knows, such as a password, PIN or shared secret.
- Possession factors -- something the user has, such as an ID card, security token or a smartphone.
- Inherence factors, more commonly called biometrics -- something the user is. These may be personal attributes mapped from physical characteristics, such as fingerprints, face and voice. It also includes behavioral biometrics, such as keystroke dynamics, gait or speech patterns.
is hard to use?
It
definitely adds an extra step to your log-in process, and depending on how the
account, it can be a minor inconvenience or a major pain. Much also depends on
your patience and your willingness to spend the extra time to ensure a higher
level of security.
"An
attacker might be able to collect a cookie or an OAuth token from a website and
essentially take over their session," he said. "So, 2FA is a good
thing, but it does make the user experience more complicated...It's done when
you're logging into an account on your device for the first time, for
example."
How safe is 2FA?
As
two-factor authentication becomes more commonplace, it's more likely that
attacks will be more successful against it. That's the nature of computer
security. But by virtue of being more commonplace, it will become easier to
use, too.
It's
true that two-factor authentication is not impervious to hackers. One of the
most high-profile cases of a compromised two-factor system occurred in 2011,
when security company RSA revealed that its SecurID authentication tokens had
been hacked.
To
hack two-factor authentication, the bad guys must acquire either the physical
component of the log-in, or must gain access to the cookies or tokens placed on
the device by the authentication mechanism. This can happen in several ways,
including a phishing attack, malware or credit-card-reader skimming. There is a
another way, however: account recovery.