Two-factor authentication is a security procedure in which a user provides two different features to identify himself. One of the features is usually a physical token, like a card, while the other is, for example, a security code that the user must remember.
In this context,
the two characteristics are sometimes referred to as something that “one has”
and something that “one knows”. A typical example of two-factor authentication
are smart cards: the card itself is the physical object, while the PIN
(personal identification number) is the associated information. The
combination of both makes it more difficult for a stranger to access the user's
bank account because both elements are required, i.e. the physical object and
the PIN.
According to its
proponents, two-factor authentication can massively reduce the
incidence of identity theft, phishing attacks
and other online fraud attempts because it is not enough to steal the victim's
access devise. The thief also needs the relevant information, for example
the PIN - or vice versa.
What Are
Authentication Factors?
An authentication factor is
an independent character that is used to verify identity. The
three most common components are often described as something that you know
(knowledge factor), that you own (have factor), and that you are (being
factor). Also, there are systems with advanced requirements where
both location and time are added as fourth and fifth factors.
Single-factor authentication is
based on a single component used to identify someone. The most common
example of this is the username and password combination (something only the
user knows). The security of one-factor authentication relies to a certain
extent on the conscientiousness of the users. This includes choosing
strong passwords and avoiding automatic logins such as logging in using social
networks.
In any system or
network that contains sensitive data, it is advisable to add additional
authentication factors. Multi-factor authentication uses two or more
features to increase security.
One-Factor
Authentication vs. Two-Factor Authentication
Although usernames
and passwords are two characteristics, they belong to the same authentication
factor (knowledge), so they are one-factor authentication. It is because
of their low cost, ease of implementation, and popularity that passwords are
the most common form of one-factor authentication to this day. But they
are not the safest. Extended requirements can provide more security,
depending on how they are used. Many biometric identification
processes, even as standalone
solutions, guarantee more security, even with one-factor
authentication.
Another problem
with password-based authentication is that it requires both knowledge and
diligence to create and remember strong passwords. Passwords also
need protection against many insider dangers. These include carelessly
discarded yellow pieces of paper, old hard drives, and social engineering
attacks. Passwords are also threatened by external hackers using brute force,
dictionary, or rainbow table attacks. Provided an attacker has enough time
and resources, he can usually crack password-based systems. The two-factor
authentication provides additional security here.
Products with
Two-Factor Authentication
Some countless
devices and solutions are used for two-factor authentication. They
range from tokens and RFID cards to smartphone apps.
Offers from
well-known manufacturers:
·
RSA's SecurID is still widely used even after SecurID was hacked in
2011.
·
Microsoft Phonefactor offers two-factor authentication at affordable
prices. It's even free for small organizations with up to 25 users.
·
Dell Defender is a multi-factor solution that offers biometric and other
token methods for complex authentication systems.
·
Google Authenticator is an app for two-factor authentication that also
works with other sites or services.
·
iOS, the iTunes Store, and other Apple cloud services also support
two-factor authentication to protect users' accounts and data.
Two-Factor Authentication for Mobile Identification
Apple iOS, Google
Android and Blackberry OS 10 are equipped with apps that support two- and
multi-factor authentication. Some smartphones have screens that can
recognize fingerprints, built-in cameras are used for face or iris recognition,
and microphones identify voices. Many smartphones also recognize the
current location via GPS. Voice services or SMS can also be used as
additional factors. Also, some apps can create one-time
passwords so that the phone itself acts as a physical device that covers the
already mentioned credit factor.
The Google The authenticator is such a two-factor authentication app. To access a website
or a web-based service, the user enters his user name and password followed by
a one-time passcode (OTP). This passcode was sent in response to logging
in to his previously linked device. The six-digit one-time password
changes every 30 to 60 seconds and is also used to prove ownership as an
authentication factor (credit factor).
Smartphones
therefore offer many options for two-factor authentication. Companies can
choose the methods that work best for them.
Is Two-Factor
Authentication Secure?
Critics argue,
among other things, that two-factor authentication is no more secure than a
password alone. For example, an attacker can spy out passwords on a
computer and then use them when they gain access to the computer, boot it up in a safe mode and thus bypass the physical authentication mechanisms. But that
is a special case.
Multi-Factor
Authentication for More Secure Connections
Some security
processes now require three-factor authentication, which can consist of a
hardware token, a password, and biometric data such as fingerprints or voice
recognition, for example.
An attacker can,
for example, succeed in cracking a single authentication factor. A
thorough search in the victim's environment can, for example, lead to the
discovery of an employee ID or a user ID including the associated password that
ended up in the trash. Or a carelessly disposed hard disk contains a
password database. However, if additional factors are required for
authentication, the attacker faces at least one additional hurdle to avoid.
The majority of
attacks today take place over Internet connections. Two-factor
authentication can make these distance attacks far less dangerous because
simply cracking the password is no longer enough to gain access. This is
because it is very unlikely that the attacker would also get hold of the
physical device that is linked to the user account. Every additional
authentication factor makes a system more secure. To keep your system more secure install advanced antivirus protection. This is because the
individual factors are independent of each other. If one of the factors is
compromised, the others will not be affected.
Comments
Post a Comment