2FA: How Does It Work?

Two-factor authentication (2FA) refers to a login system that grants access to an online account or other protected resource only after the user provides two different kinds of evidence. A factor, in this context, is a way of convincing the system or online service that you really are who you claim to be. That lets it decide whether or not you have the right to access the data you are trying to reach.


The most common authentication factor in use today is the username/password pair. Since most accounts require only this one secret to get in, a good number of services rely on a single-factor system for security. Two-factor authentication, on the other hand, requires a user to provide a password and then complete a second, separate step to prove his or her identity.


In the present day, where cyber threats are becoming more real, passwords on their own continue to become less secure. As a result, more and more individuals are moving to 2FA in order to secure their digital lives. In fact, countless service providers are either encouraging or mandating the shift in order to strengthen the security of user data.


Why Use 2FA?

For most people, a strong password seems like enough. In their opinion, there is no way someone is going to guess it if it is a combination of a Roman numeral, an astrophysical formula spelled out in letters and a wildly mangled arithmetic progression. But major data breaches, which have put thousands, if not millions, of email address/password pairs up for sale on the Dark Web, have rendered even those paleolithic combos useless.


A lot of people, and you may be one of them, use the same password across many sites and accounts. This makes it easy for a hacker to plug known pairs into dozens of sites, testing which ones grant access. According to Verizon's 2017 Data Breach Investigations Report, 81 percent of hacks could be put down to passwords that were either discovered this way or were too weak, that is, trivially easy to guess.

Many sites adopt the storied security questions, or knowledge-based authentication system. Asking you for your mother's maiden name or your city of birth are good examples. Even though these are used to back up passwords, they have been found to be breachable: anyone can look you up on Facebook and guess those answers comfortably, and a determined hacker can bypass them via social engineering.



How Does It Work?


To grasp the basics of 2FA, one needs to revisit the concept of a factor. A password fits the definition given above, but it is best to describe it in more abstract terms: it is something you know. This is why the so-called knowledge-based method is not a real two-factor system. It simply backs up something you know with something else you know, which anyone else can come to know after a thorough background check. The answer to a security question is, in essence, just another password, subject to the same weaknesses as the first.


Something you have could be a gadget you carry with you all the time. Something you are takes us into biometrics, the technology that establishes identity by examining your physical characteristics. Here, a password must be backed up with a thumbprint, retina scan or a similar factor; a good example is the Face ID system most iPhones come with these days. Somewhere you are, as the name suggests, has to do with your location. It is not widely used, although various experimental proposals have been floated. Weak versions of it do exist, though on some sites they amount to little more than a knowledge-based security question.


The two-factor authentication system pairs your first authentication factor with a second factor of a completely different kind. In other words, it combines the password you know with something else. That “something else” can be something you have, something you are or somewhere you are. As a user, you need to supply both factors before you can get into your account.


The additional information can be delivered to you as an OTP (one-time password) sent to your mobile phone or email inbox. It could also take the form of a code generated by an application like Google Authenticator or Authy, which you enter on the site's login page along with your password. The email or SMS modes of authentication are, however, not so advisable, because a hacker can break into your email account or social-engineer your carrier into issuing a copy of your SIM card.


The possible grandfather of this kind of security factor is the RSA SecurID. The 1993 system used a small physical device with a small built-in screen that displayed a seemingly random number which changed from time to time. The numbers were generated from a seed programmed into the token at the factory. If you were a user then, you needed a password plus the number currently shown on your SecurID token to gain access to sensitive areas.


Multi-factor Authentication


This discussion would not be complete without mentioning multi-factor authentication (MFA). An example is a three-step process where you need a password, perhaps your location, and a message sent to your mobile phone or email to prove your identity. As a matter of fact, 2FA is only a subset of the larger concept known as MFA, because one can in theory pile on any number of hoops users must jump through to access sensitive data. Two is as many factors as the ordinary user will encounter in practice, though even that, apparently, cannot offer complete protection against hacks.
