What is two-factor authentication and why should I care?
We are all used to entering our email address and passwords before being granted access to our online accounts. Technically, this is referred to as single-factor authentication. Today, we will look at two-factor authentication (2FA), the security process that requires a user to verify their identity in two unique ways before they are granted access to a service or system.
What is the second factor?
The second factor is intended to bring in a layer of extra security. In addition to entering your username and password, you may be required to enter a code that is dynamically generated, has a short lifespan and can only be used once. This is referred to as “one-time password” or “OTP”. Alternatively you could use something you have such a cellphone or even your fingerprints and iris to log in. Other types include email token, where an email with a link is sent to a user who has to click on it before access is granted. Phone calls and software tokens can be used as a second factor to authenticate accesses.
Can 2FA be flawed?
Since the whole process of 2FA usually involves the transfer of security codes from one place to another, it’s possible for attackers to intercept these codes. But that said, it’s not really easy to intercept the code.
For example, the SMS-based 2FA can be flawed by tricking the user into installing an Android malware that will serve as a rogue listener for the attacker. After it’s installed, it will listen for all incoming messages on the user’s phone and then POST its content to a rogue server where the attacker can collect them. That’s extra work on the side of the server.
So yes, it can be flawed, but it requires extra effort.
Should I enable 2FA?
Even though 2FA can be flawed, enabling it can save you from a lot of harm. The advantage of enabling 2FA is that, after an attacker spends hours/days trying to crack your password; he/she can still not access your account. In situations where a company’s database is stolen by hackers, having 2FA enabled ensures that your account is still safe from the hackers.
Taking this extra step in the authentication process not only frustrates hackers, but also reduces your risk of becoming a victim of fraud or identity theft.
So yes, you should enable 2FA. It provides you with an extra security layer.