Two-factor authentication

Twitter's got it. Apple's got it, too. Google, Microsoft, Facebook and Amazon have had it for a while. But why's two-factor authentication important, and will it keep you safe?

Two-factor authentication, or 2FA as it's commonly abbreviated, adds an extra step to your basic log-in procedure. Without 2FA, you enter your username and password, and then you're done. The password is your single factor of authentication. The second factor makes your account more secure.

Two-factor authentication adds a second level of authentication to an account log-in. It's also a type of multi-factor authentication.

There are three types of authentication factor:

  • Knowledge factors -- something the user knows, such as a password, PIN or shared secret.
  • Possession factors -- something the user has, such as an ID card, security token or a smartphone.
  • Inherence factors, more commonly called biometrics -- something the user is. These may be personal attributes mapped from physical characteristics, such as fingerprints, face and voice. They also include behavioral biometrics, such as keystroke dynamics, gait or speech patterns.

 is hard to use?

It definitely adds an extra step to your log-in process, and depending on how the account, it can be a minor inconvenience or a major pain. Much also depends on your patience and your willingness to spend the extra time to ensure a higher level of security.

"An attacker might be able to collect a cookie or an OAuth token from a website and essentially take over their session," he said. "So, 2FA is a good thing, but it does make the user experience more complicated...It's done when you're logging into an account on your device for the first time, for example."

How safe is 2FA?

As two-factor authentication becomes more commonplace, it's more likely that attacks will be more successful against it. That's the nature of computer security. But by virtue of being more commonplace, it will become easier to use, too.


It's true that two-factor authentication is not impervious to hackers. One of the most high-profile cases of a compromised two-factor system occurred in 2011, when security company RSA revealed that its SecurID authentication tokens had been hacked.

To hack two-factor authentication, the bad guys must acquire either the physical component of the log-in, or must gain access to the cookies or tokens placed on the device by the authentication mechanism. This can happen in several ways, including a phishing attack, malware or credit-card-reader skimming. There is another way, however: account recovery.
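The point above about cookies or tokens placed on the device, shown as an added example (not from the original article): a hypothetical `Account` checks a password and a one-time code the first time a device logs in, then issues a remember-device token. TOTP as the second factor and all names here are assumptions; the article names no specific mechanism.

```python
import hashlib
import hmac
import secrets
import struct

def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1); assumed here as the possession factor."""
    counter = struct.pack(">Q", int(now // step))
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def _digest(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()

class Account:
    """Hypothetical account: password + TOTP, with 'remember this device'."""

    def __init__(self, password: str, totp_secret: bytes):
        self.salt = secrets.token_bytes(16)
        self.pw_hash = self._hash(password)
        self.totp_secret = totp_secret
        self.trusted = set()                     # hashes of device tokens, never the tokens

    def _hash(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def login(self, password, now, code=None, device_token=None):
        """Return (ok, device_token_to_store_on_this_device_or_None)."""
        if not hmac.compare_digest(self._hash(password), self.pw_hash):
            return False, None                   # knowledge factor failed
        if device_token is not None and _digest(device_token) in self.trusted:
            return True, None                    # remembered device: second factor skipped
        expected = totp(self.totp_secret, now)
        if code is None or not hmac.compare_digest(code.encode(), expected.encode()):
            return False, None                   # possession factor missing or wrong
        token = secrets.token_urlsafe(32)        # placed on the device after full 2FA
        self.trusted.add(_digest(token))
        return True, token

    def revoke_devices(self) -> None:
        """Response to a suspected token theft: every device must redo 2FA."""
        self.trusted.clear()
```

Once issued, the device token substitutes for the second factor until `revoke_devices()` is called, so it needs the same protection as the factor it replaces.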