The Importance of Two Factor Authentication and Authentication Types

What is Two-Factor Authentication?

Two-factor authentication, or 2FA, is a method by which someone is granted access to a website or an application after submitting multiple pieces of evidence, also known as factors, to an authentication program or mechanism. It’s an extra level of security for your online accounts that requires you to verify that you are the owner of the accounts, and not just someone who knows the correct password.

During a data breach, a username-password combination can be easily stolen, but this additional credential can keep your data safe because to access an account, someone will need a factor that belongs specifically to you.

What Do You Need for Two-Factor Authentication?

Two-factor verification is an approach to account security; the specific method may vary based on each type of account or application. There are three different factors that may be used in conjunction with an account password during 2FA.

The different types of factors that may be used are:

  • Knowledge. This is something that only the account holder knows, like the answer to a series of security questions or a PIN.
  • Possession. This is something physical that the account holder owns and that can receive additional credentials, like a phone app or physical security token.
  • Inherence. This factor is attributed to the account owners themselves. The credentials are typically biometric, like a fingerprint or a retina scan.

Many companies prefer the possession factor, as many users feel that biometrics is a violation of privacy. However, when it comes to personal devices, these same users may prefer to secure them with biometric methods like fingerprints or facial scans.

How Does Two-Factor Authentication Work?

When you have or enable 2FA on an account, it will appear differently based on the type of factor used, but the basic steps are the same:

  • The user is prompted to log in to their account on a website or application.
  • The user enters their username and password. The site or app’s servers recognize the match.
  • The user is prompted to provide a second form of authentication like a phone number, fingerprint, or security code. In many cases a one-time code is sent to a mobile device or email address.
  • That one-time code must also be entered to verify account ownership before the user can log in and access their account.

While this process does not happen every time someone logs into a site with two-factor verification, some financial and healthcare organizations may request verification every few days. Most sites and apps with 2FA will initiate authentication every time a user logs in from a new device.

Types of Two-Factor Authentication Products

There are two main categories of 2FA products available to users: tokens that are given to users when they log in to accounts, and website or app infrastructure that verifies access for users who are correctly providing and using those tokens.

Hardware Tokens

These are one of the oldest forms of 2FA. These tokens are about the size of a key fob and produce a new numeric code every 30 seconds. To access an account with one of these, you’d enter the code on your device when prompted. Other versions of these tokens would plug into a computer’s USB port. Unfortunately, they can be expensive to distribute and easy to lose or misplace, leading many organizations to switch to an authentication app for two-factor authentication.

SMS Text or Voice Message

This kind of two-factor verification interacts directly with a user’s personal phone. After entering their username and password, a website may ask the user whether they’d prefer a text message or a phone call to receive a unique one-time password. This password is then used to provide the second verification factor. While this is an extremely popular 2FA method, it may not be secure enough for truly sensitive information.

Authentication App

These apps are becoming popular due to their ability to be used with multiple apps and services. They’re downloaded by the user and can be used in conjunction with any website or app that supports it. During the login process, the user enters their username and password and then is prompted for a verification code, which is retrieved from the authentication app.

Push Notifications

Rather than relying on single-use passwords, some websites and apps now send users a push notification that a login attempt is taking place. Users can verify or deny the login with a single touch. This direct and secure connection can eliminate phishing opportunities and unauthorized access. Push notifications can be less reliable in areas with minimal cell or Wi-Fi signal because they rely heavily on smart devices, but they are generally preferred over SMS verification.

Stolen or weak passwords are frequently the cause of security breaches. While a strong password can help, it’s not much use to you if someone with questionable intentions has guessed it and accessed your personal information. You should always take every step you can to safeguard your personal information and identity and enable two-factor authentication when you are presented with that option. Microsoft Authenticator can help you keep your accounts secure thanks to one-time passcodes and push notifications. It allows you to manage app passwords and works with Microsoft and non-Microsoft accounts to keep your private information, well, private.

