In today’s world of increasing digital crime and Internet fraud, people are becoming highly conversant with the importance of online security, logins, usernames and passwords. Despite the positive change in attitude, there is a general ignorance of “Two Factor Authentication?”.
Two-Factor Authentication often abbreviated as 2FA refers to a two-step verification under a security check process in which the user provides two authentication factors to verify if they are the rightful owners of the accounts which they are trying to access.
2FA can be contrasted with single-factor authentication (SFA), a security process in which the user provides only one factor, typically a password.
With standard security procedures (especially online) only requiring a simple username and password it has become increasingly easy for criminals (either in organized gangs or working alone) to gain access to a user’s private data such as personal and financial details and then use that information to commit fraudulent acts, generally of a financial nature.
The rise of two-factor authentication was mainly designed to counter security issues which have seen many social media accounts being hacked on Facebook, Twitter and Instagram. The traditional login procedure of using a regular password has become too light for hackers to gain entry into one’s account thereby exposing many social media accounts to online compromise.
How does 2FA work?
Two Factor Authentication, also known as 2FA, two step verification or TFA (as an acronym), is an extra layer of security that is known as “multi factor authentication” that requires not only a password and username but also something that only, and only, that user has on them, i.e. a piece of information only they should know or have immediately to hand – such as a physical token.
Using a username and password together with a piece of information that only the user knows makes it harder for potential intruders to gain access and steal that person’s personal data or identity.
Historically, two-factor authentication is not a new concept but its use has become far more prevalent with the digital age we now live in. As recently as February 2011 Google announced two factor authentication, online for their users, followed by MSN and Yahoo.
Many people probably do not know this type of security process is called Two-Factor Authentication and likely do not even think about it when using hardware tokens, issued by their bank to use with their card and a Personal Identification Number when looking to complete Internet Banking transactions. Simply they are utilizing the benefits of this type of multi factor Authentication – i.e. “what they have” AND “what they know”.
Using a Two Factor Authentication process can help to lower the number of cases of identity theft on the Internet, as well as phishing via email, because the criminal would need more than just the users name and password details.
The downside to this security process is that new hardware tokens (in the form of key fobs or card readers) need to be ordered, then issued and this can cause slowdowns and problems for a company’s customers wanting and waiting to gain access to their own private data via this authentication procedure. The tokens are also usually small and easily lost so causing more problems for everyone when customers call in requesting new ones.
SecurEnvoy look to resolve this problem with Two Factor Authentication by utilizing mobile phone SMS technology. With over 5 billion mobile phones in use, turning a phone into an authentication device quickly solves the need and additional cost and delays of sending out hardware tokens.
Using Two Factor Authentication without tokens is called Tokenless Authentication, patented by SecurEnvoy. This type of authentication can be considered faster, quicker and cheaper to set up and maintain across many networks.