Almost every day we hear of companies that have become the victim of a cyberattack. Criminals have figured out cunning ways to gain access to usernames and passwords. However, when two-factor authentication is one way to make it harder for hackers to gain access to business networks.
What is Two-Factor Authentication?
Two-factor authentication, also known as 2FA, is a security method that makes it necessary for users to verify their identity. 2FA uses two authentication factors to verify a user. This is a method that can make it more challenging for a cybercriminal to gain access to resources and networks through the use of stolen credentials and more.
Two-factor authentication is another layer of security, which is combined with other security methods such as single-factor authentication (SFA). 2FA requires a user to provide a password, along with another factor to identify themselves. The second factor may be a security token or a biometric factor (fingerprint or facial scan, for instance).
Two-factor authentication can be used on networks, devices, for online accounts, and more. Without the second factor, hackers have a difficult time accessing a user’s accounts, and more. 2FA works against phishing, social engineering, brute-force attacks and more.
What are Authentication Factors?
Factors are nothing more than small bits of information that a user needs to authenticate their identity. There are several factors that can be used including:
Knowledge factor: requests specific information that only the user will know. The most common type of knowledge factor is the password. Other types of knowledge factors include a PIN (personal identification number) or a shared secret.
Inherence factor (also called a biometric factor): these are used to verify the identity of a user through physical attributes that only belong to that user. The personal attributes are mapped, such as a fingerprint or the user face. When the user tries to sign into an account or service, a device will need to authenticate the user’s fingerprint or face. Other inherence factors include voice recognition, behavioural biometrics, gait/speech patterns, and keystroke dynamics.
Possession factor: this is something that is known only to the user; the most common is an ID card, security token, cellphone, mobile device, or smartphone app which are used to authenticate the user.
Location factor: this form of authentication verifies the identity of a user by their geographic location, IP address, or even GPS (based on the person’s mobile phone or another device). For instance, if a person’s identity is set in one country, and then someone from another country tries to login, the location factor would use one of these methods to identify the user. The second person, located in the wrong country/IP address, would not be allowed to access the account or network.
Time factor: verifies the identity of a user on the basis time of access. For this type of authentication, the user may have a set time when they’re allowed to access a network, and they’re not allowed access outside of this set period. If a hacker tries to gain access outside of this set time, they will be locked out because they’re unable to verify their identity.
The most commonly used types of 2FA are the knowledge, inherence and possession factors. These and the other factors can also be used by networks that use multi-factor authentication (MFA), which uses two or more credentials to verify identity.
How Does Two-Factor Authentication Work?
While some people may find this process somewhat of a hassle, it is simple to use and requires 2 steps to authenticate the user’s identity. It works like this:
1). The user tries to sign into a website or application.
2). The user then receives a message they must input their username and password. After this, the site will then use this information to identify the user.
3). If the site doesn’t require a password, then it will create a unique security key. When the user applies the key, the site works to verify the key.
4). Next, the site will notify the user they will need to use the second login method. The second method may use the possession factor, where the user has to prove their identity through something only they will have. This could be an ID card, smartphone, security token, for example.
5). The user will then enter a single-use code that was created in the last step.
6). When the site authenticates the user, they are then granted access.
In actual use, these steps go quickly once users become used to the 2FA method.
Is Two-Factor Authentication Secure?
Yes, this is a secure method that adds another layer of security for logins and access to accounts, services, and more. However, some 2FA methods may have a weak point, which can be vulnerability used by a cybercriminal.
For instance, there are have been cases where hardware tokens were hacked, allowing hackers to gain entry to business networks. In other cases, the account recovery process can be overcome if a hacker resets the user’s password, which bypasses the 2FA process, and emails a temporary password to their own email account. The information to reset the password is then used by the hacker to gain access to the legitimate user’s account.
Two-factor authentication that relies can SMS be also be hacked, giving the cybercrook access to networks and against. Hackers have developed tools that can intercept, phish or spoof SMS messages with 2FA information. In fact, NIST (The National Institute of Standards and Technology) has advised against the use of 2FA for this very reason.
For this reason, more companies are turning to MFA (Multi Factor Authentication) to improve security. The most common form of MFA uses is three-factor authentication (3FA). This method may use a physical token, a password and biometric data (fingerprint or voice print), or combinations of other authentication methods to verify user identity.
Passwords are still necessary but are no longer provide the best security for online or network access. As hackers’ methods evolve, it’s necessary to increase security through the use of 2FA or MFA to ensure user access is authenticated to keep networks, resources, and devices more secure from cyberthreats.
7th October 2020
1st October 2020
14th September 2020