In a 2019 survey by Cygenta of 1,000 people in the UK, 62% didn’t know what two-factor authentication was.
Two-factor authentication (2FA) is an extra layer of security added to your log-in process; such as a code sent to your phone or a fingerprint scan, that then verifies your identity and helps to prevent cyber-criminals from accessing your private information so easily. 2FA offers an extra level of security that increases the difficulty for cyber thieves, because they need more than just your username and password credentials.
2FA is a subsection of multi-factor authentication (MFA), an electronic authentication method that requires you to prove your identity in multiple ways before you are given access to an account.
Two-factor authentication is so named because it requires a combination of two factors, whereas multi-factor authentication can require more.
Two-factor authentication requires that extra step — without 2FA, usually you simply enter your username and password to access an account, but two-factor authentication requires both something you know (your log-in details) and something you have (Eg. your phone). For example, if using a phone as your 2FA, once you enter your password, you’ll get a second code that is sent to your phone, and only after you’ve entered the code from your phone will you get access into your account.
This code is known as an authenticator, a passcode or verification code. Without the code you can’t log on, even if you know the correct password.
Using a bank card at an ATM requires 2FA – something you know (your passcode) and something you have (your bank card).
With the advanced techniques of hackers and slack originality of users with password creation, passwords alone are generally quite weak.
Cyber criminals have turned to automated processes that can go through thousands of password combinations in minutes, so they don’t even have to monotonously go through a guessing process, they can even sleep easily whilst the procedure is done for them.
So whilst the criminals are finding easier ways to hack, you need to use harder methods to prevent a successful attack. 2FA may seem like an added hassle, but without it you could be leaving yourself vulnerable.
If you add something you have to allow access to your bank account, a cyber-criminal who knows your password won’t get any further without having your phone, for example, when it receives the verification code.
By adding the extra security step means cyber criminals will struggle to access your account and move on to the next easier target.
The factors of two-factor authentication are generally separated into three categories:
There are indeed several types of 2FA available, all of them sitting within the categories listed above. Eg:
Not all sites use two-factor authentication, but some give you the option to activate it for your account. Some popular websites that offer 2FA include: Amazon, Facebook, Lastpass, LinkedIn, PayPal and Yahoo. But there are many more.
Sadly no, no security measure is 100% guaranteed. It is a hacker’s ambition to beat the security measures in place to prevent them getting in, and they rise to the challenge until they win.
There are also the concerns that users of 2FA can be complacent, thinking that by using 2FA means their password doesn’t need to be as complex. This is not the case, the more difficult to crack the password, the stronger the security.
The other concern is that the most common 2FA method, using SMS authentication, is that SMS is less secure than using an authentication app.
But it is still important remember that 2FA is still an added step of inconvenience for the hacker.
Although many may regard 2FA as an added hassle, as technology improves, so 2FA becomes quicker and easier to implement. Verification codes generally take seconds to generate and deliver.
90% of passwords can be cracked in less than six hours.
Despite no 100% guarantee, 2FA still makes it harder for identity theft and phishing via email to happen to you; cyber criminals need to gain more information than just your username and password. Use 2FA and let the hackers pass you over for the more convenient, lower-hanging fruit with the ‘123456’ / ‘password’ passwords!
Find out more