Two-factor authentication is the foundation of online security. You may have already heard the terms two-phase or multi-phase authentication, 2FA (2-Factor Authentication) or MFA (Multi-Factor Authentication). What does that actually mean? Do we understand what we are talking about?
Why set up two-step verification?
For various services on the Internet, such as e-mail, subscription newsletters, Facebook, Twitter, Instagram, etc., in the most common case, we log in using a username and password. They are technically called "authentication factors". Multi-factor/multi-phase authentication means that several factors are used at once. What factors for user authentication do we have nowadays? Let's go through them with examples, shall we?
Authentication factors can be easily divided into three basic groups. We will use a mnemonic that is rather widespread in the security community:
1. Something I know
We are talking about the most common thing that we all use. In the fairy tale, the words had to be spoken: "Open, Sesame!" What did those words mean? Yes, correct! A password. Passwords, PINs or phrases are the most basic authentication factor we use today.
We have to remember the password. Now you're thinking, oh, my memory is like a sieve. Don't lose hope, help is at hand. There are quite a few applications and programs that help people not only to remember, but also to create sufficiently strong and secure passwords, for example KeePass, LastPass and more. Even the most used browsers already have password managers integrated into them.
2. Something I have
We have to divide this area into two more categories:
A. Authentication applications and everything else related
As this is software, it is also necessary to have a device on which to install it: a mobile phone (with Android or iOS), a tablet or a computer. After you register it with the service you want to log in to, the application generates one-time codes with short validity, which need to be entered when logging in. An example of an authentication application is Google Authenticator.
The second type of authentication application is, for example, George Klíč from Česká spořitelna. It does not generate one-time codes; instead, it asks the user to confirm each transaction, whether it is a login or a payment confirmation, via e.g. a PIN code. If we wanted to be hyper-correct, we would call the George key an authorization application, because the user authorizes transactions through it. From the point of view of an ordinary person, however, the difference is tiny.
One-time codes sent via SMS can also be included in this group of authentication factors. In the past, this method was often used by banks. However, for security reasons, authorization SMS has recently been abandoned and the transition is being made to authentication (and therefore authorization, wink wink) applications. George key, RB key and all other keys are examples of this.
B. Physical devices
A physical device, which must be connected to the computer (via USB) or at least brought close and connected wirelessly using NFC on your phone, can perform a similar function to an authentication application. These devices can be so-called tokens or smart cards, and without their physical presence you simply won't log in. As an example, we can cite YubiKey tokens. Do you ever sign with an electronic signature and use a USB "box" for that? That's exactly it.
3. Something that I am
The third possibility of authentication is provided by some characteristic of my body: fingerprints, facial features, the retina or iris, etc. Common practical examples are Touch ID or Face ID on Apple devices or some parts of Windows Hello.
Since man is a lazy creature, we want to make things easier for ourselves and we combine the techniques described above in different ways. In the authentication application, for example, instead of typing in PINs, we use fingerprints. And then master it!
Conclusion – Turn on multi-factor authentication wherever you can
The main and most important message is: multi-factor authentication, two-factor authentication, 2FA, MFA, or whatever you choose to call it, is a great thing and will greatly increase the security of your online accounts. Turn it on wherever you can. For your primary accounts (Google account, Apple ID), with which you access other services, you should not hesitate for a moment. However, LinkedIn, Facebook, Instagram and many others also support multi-factor authentication. You can always find it in the settings of the given service, in the privacy or security tab.
Interested in more?
Read my 7 steps to get (digital) well-being and get online under control.