This kind of verification has long been used to control access to sensitive systems and data. Nowadays, it is more and more widely used by online service providers. This type of protection is a step up from single-factor authentication in which an account is protected by only one factor - most commonly a password or a passcode. The second factor adds an extra layer of protection against hacker attacks and is meant to safeguard the user's credentials, as well as resources that the user can access.
What is two-factor authentication?
Two-factor authentication (also known as 2FA, dual-factor verification, or two-step verification) is a method in which a user has to present two different authentication factors to prove their identity. These factors come from different categories, the most common of which are:
- Knowledge factor - refers to something that the user knows, such as a password or a PIN (personal identification number)
- Possession factor - the user has to have an ID card, a security token, a mobile device, or a smartphone app to be verified
- Biometric factor - the authentication is based on physical characteristics of the user, such as a fingerprint, voice recognition, etc. It is also called the inherence factor.
- Location factor - the location of the authentication attempt is verified by GPS, IP address, or other methods
- Time factor - authentication can happen within a specific time window
Two-factor authentication follows the same basic process regardless of which types of factors are required. An application or website prompts the user to log in, and the user enters a username and password. A second login step follows, in which the user has to prove that they possess something only they would have (a factor from the possession or inherence group), typically by supplying a one-time code generated on or sent to that device. Only once both steps succeed is the user given access to the application or website.
Two-factor authentication is a form of multi-factor verification. It is important to note that the two factors have to come from different categories. If they come from the same category (for example, a password plus a security question, which are both knowledge factors), then we are still talking about single-factor authentication, which is less secure.
Implementation of two-factor authentication
Two-factor verification can be implemented in different ways, for different devices. A phone number can be used to receive verification codes via text message or an automated phone call. Some smartphones can recognize fingerprints, use a built-in camera for facial recognition, or use GPS to verify a location. Push notifications can also be utilized to verify a user. This passwordless authentication sends a notification directly to a secure app. The user is alerted that an authentication attempt is happening, and can approve or deny access.
All two-factor authentication products can be divided into two categories - tokens that are given to users to use when logging in, and infrastructure or software that recognizes and authenticates access for users who are using their tokens correctly. Authentication tokens may be physical devices, or may exist in software as mobile or desktop apps. Probably the most important aspect of 2FA is to make sure that the authenticated user is given access to all resources they are approved for and only those resources.
Cycrest Systems has offered two-factor (multi-factor) authentication for quite some time. For ease of use, it requires a smartphone app for each user, with other options available for those without smartphones. This system is used for Cloud Office 365 users, Microsoft Cloud Hosted Email, SSL VPN access to your systems from remote locations, on-premise Exchange, and the daily login to your computer. The app generates a random one-time password every 30 seconds that is used in conjunction with your regular login process (hence the second step - two factor) to log in to your account. With this additional step in place, a password that has been stolen or compromised is not enough on its own, which helps stop criminals from using your password/passphrase to gain access to your files, email, or system.
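To make the two-step login process described above and the 30-second rotating code concrete, here is an added example in Python. It is not Cycrest's code or the code of any of the products mentioned; it implements the standard time-based one-time password scheme (RFC 6238, built on RFC 4226 HOTP with HMAC-SHA1) that most authenticator apps use, and a minimal server-side login that checks the password first and the one-time code second. The user store, the `enroll`/`login` helpers, the sample user name and passphrase, and the fixed timestamps are all constructed for the example; the `RFC_SECRET` constant is the published RFC test key, included only so the output can be checked against the RFC's own test vectors.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time

STEP_SECONDS = 30          # each code is valid for one 30-second time step
DIGITS = 6                 # length of the displayed code

# Published RFC 4226/6238 test key ("12345678901234567890"), used only to
# check this implementation against the RFC test vectors.
RFC_SECRET = base64.b32encode(b"12345678901234567890").decode()


def generate_secret(nbytes=20):
    """Create a new random shared secret, base32-encoded as authenticator apps expect."""
    return base64.b32encode(secrets.token_bytes(nbytes)).decode()


def hotp(secret_b32, counter, digits=DIGITS):
    """RFC 4226 HOTP: HMAC-SHA1 over an 8-byte big-endian counter, dynamically truncated."""
    key = base64.b32decode(secret_b32, casefold=True)
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret_b32, at_time=None, step=STEP_SECONDS, digits=DIGITS):
    """RFC 6238 TOTP: HOTP with the counter set to the current 30-second time step."""
    t = int(time.time() if at_time is None else at_time)
    return hotp(secret_b32, t // step, digits)


def verify_totp(secret_b32, candidate, at_time=None, step=STEP_SECONDS,
                digits=DIGITS, drift=1):
    """Return the time-step counter the candidate matches, or None.

    Accepts codes from `drift` steps either side of now to tolerate clock skew
    between the phone and the server. Every window is checked (no early exit)
    and the comparison is constant-time, so timing does not reveal which digit failed.
    """
    candidate = candidate.strip()
    if len(candidate) != digits or not candidate.isdigit():
        return None
    base = int(time.time() if at_time is None else at_time) // step
    matched = None
    for delta in range(-drift, drift + 1):
        if hmac.compare_digest(hotp(secret_b32, base + delta, digits), candidate):
            matched = base + delta
    return matched


def _hash_password(password, salt):
    """Slow salted password hash for the first factor (constructed parameters)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def enroll(store, username, password):
    """Register a user with a password hash and a fresh TOTP secret; returns the secret."""
    salt = secrets.token_bytes(16)
    secret = generate_secret()
    store[username] = {
        "salt": salt,
        "pw_hash": _hash_password(password, salt),
        "totp_secret": secret,
        "last_counter": -1,    # highest time step already used, for replay rejection
    }
    return secret


def login(store, username, password, otp, at_time=None):
    """Two-step login: knowledge factor (password) then possession factor (TOTP code)."""
    rec = store.get(username)
    if rec is None:
        return False            # same answer as a bad password: do not reveal valid user names
    if not hmac.compare_digest(_hash_password(password, rec["salt"]), rec["pw_hash"]):
        return False
    counter = verify_totp(rec["totp_secret"], otp, at_time)
    if counter is None or counter <= rec["last_counter"]:
        return False            # wrong code, or a code from a step that was already used
    rec["last_counter"] = counter
    return True


if __name__ == "__main__":
    # Constructed demo: enroll a user, then log in with the current code.
    users = {}
    shared = enroll(users, "demo-user", "constructed-passphrase")
    now = int(time.time())
    print("code now:", totp(shared, now), "login ok:", login(users, "demo-user", "constructed-passphrase", totp(shared, now), now))
```

The `last_counter` bookkeeping is the part most home-grown implementations forget: without it a one-time code is not actually one-time, since anyone who observes a code can reuse it for the rest of its 30-second window (plus the skew allowance). The skew allowance itself is a trade-off; widening it makes a guessed or captured code valid for longer, so it should stay small and be paired with rate limiting on failed attempts.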