The password is the most popular and most common security measure available, and often it is also the most vulnerable. In 2016, it was revealed that the leading source of data breaches is hackers and cybercriminals who are after identity theft. And what is the response of most companies in the event or threat of a data breach? To change user passwords.
But the password has a lot of shortcomings. For instance, passwords do not provide a strong enough identity check. Anyone who gets hold of the password can simply log into an account and take what they need. Be it your personal information or your hard-earned money, with just a password it is not as secure as it should be. So there has to be a better way to carry out smooth and secure informational and financial transactions over the internet. There has to be another factor for the identity check, even when a password is in place.
Here comes 2FA
Two-factor authentication (2FA) is a method of identity control in which a user has to present two separate pieces of evidence to verify their identity. Two-factor authentication provides an extra layer of security for your account, making it harder for the bad guys to gain unauthorized access.
With 2FA, knowing the username and password alone is not enough to get in – you also need a second “factor”: something you know (e.g., your mother’s maiden name), something you have (e.g., a code issued via SMS or by an app) or something you are (e.g., your fingerprint) that a hacker does not know, does not have or is not.
A lot of different things can be used as pieces of evidence (2nd authentication factor), and the factors are usually divided into the following three main categories:
- Knowledge factors – Something the user knows, such as a password, PIN code or shared secret.
- Possession factors – Something the user has, such as a smartphone, smart card or one-time password (OTP) security token.
- Inherence factors (biometrics) – Something the user is, such as a fingerprint, voice or face.
Two-factor authentication can be made up of any combination of factors, for example, smartphone and fingerprint, or PIN code and OTP (one-time password).
We focus here on the second kind, i.e. possession factors: a code which constantly changes or expires after use, i.e. an OTP. It can be delivered to you by text message, by a call or by a secure application on your device/computer, making it much harder for a hacker to get hold of. Of these, SMS delivery is the weakest, since a text message can be intercepted or redirected (for example through SIM swapping), so an authenticator app is the safer default.
But then again, sending an OTP each time also brings some trouble, for instance the hassle of entering the OTP every time you log in. So the 2FA system had better be smart.
We need a smart system that recognizes you by your device and only asks for the second factor when you log in from a new device, not when you log in from a trusted device. This way 2FA will not disturb the user experience and the security will still prevail.
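A minimal server-side version of the flow described above, added here as an example and not Spicemoney's own code: an RFC 6238 TOTP check for the second factor, plus an HMAC-signed "trusted device" token that lets a known device skip the OTP until it expires. The user id, device id, TOTP seed and server key are constructed placeholders.

```python
import base64, hashlib, hmac, json, struct, time

STEP, DIGITS, TRUST_DAYS = 30, 6, 30
# Constructed placeholders: a real deployment keeps these in a secret store / per-user DB.
USER_SECRET = base64.b32encode(b"constructed-demo-seed").decode()
SERVER_KEY = b"constructed-server-signing-key"

def totp(secret_b32, at, step=STEP, digits=DIGITS):
    """RFC 6238 TOTP: HMAC-SHA1 over the time counter, dynamically truncated."""
    counter = struct.pack(">Q", int(at // step))
    mac = hmac.new(base64.b32decode(secret_b32), counter, hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify_totp(secret_b32, submitted, at, window=1):
    """Accept the current step plus `window` neighbours for clock skew, in constant time."""
    return any(hmac.compare_digest(totp(secret_b32, at + k * STEP), submitted)
               for k in range(-window, window + 1))

def issue_trust_token(user_id, device_id, now):
    """HMAC-signed claim binding user + device with an expiry; send it as an HttpOnly cookie."""
    claims = {"u": user_id, "d": device_id, "exp": int(now + TRUST_DAYS * 86400)}
    payload = json.dumps(claims, separators=(",", ":")).encode()
    sig = hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest()
    return base64.urlsafe_b64encode(payload).decode() + "." + sig

def device_is_trusted(token, user_id, device_id, now):
    """Valid signature, same user and device, not expired; anything else is untrusted."""
    try:
        payload_b64, sig = token.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
    except (ValueError, TypeError):
        return False
    expected = hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return False
    c = json.loads(payload)
    return c["u"] == user_id and c["d"] == device_id and c["exp"] > now

def login(user_id, password_ok, device_id, now, trust_token=None, otp=None):
    """Returns ('denied'|'otp_required'|'ok', new_trust_token_or_None).
    The password check itself is assumed done by the caller (password_ok)."""
    if not password_ok:
        return "denied", None
    if trust_token and device_is_trusted(trust_token, user_id, device_id, now):
        return "ok", None                      # trusted device: no second factor asked
    if otp is not None and verify_totp(USER_SECRET, otp, now):
        return "ok", issue_trust_token(user_id, device_id, now)  # remember this device
    return "otp_required", None                # new device: ask for the OTP
```

In production the device id should be a random value the server generated and set alongside the token, and the token should be revoked when the user changes their password or removes the device.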
Thanks for reading.
Share your views in comments about 2FA implementation on Spicemoney.