What Is 2FA?

Jun 18, 2019


BY Tobias Geisler Mesevage

Let's Get Technical

Two-factor authentication is a security procedure where a user is required to provide two different authentication factors to verify their identity so they can access their account. The first authentication factor is usually a password and the second factor can be a user-generated security token or biometric authentication. Adding an additional security layer on top of a password can greatly enhance the security of accounts. Two-factor authentication is a simple way to bolster your account’s armor to better fend off a variety of cyberattacks.

The digitalization of many of our daily activities has been a huge convenience for modern society. The days of having to hail a cab to the airport, wait in line at the box office or transfer funds internationally via a bank teller are in the past, if so desired. However, the convenience of ride-sharing mobile apps, web-based ticket exchanges, and online banking can easily expose end-users to a litany of security vulnerabilities that, if exploited, can produce catastrophic consequences such as identity theft or sudden account liquidation.

Still, the most conventional way to secure digital accounts is with a username and password. Many services now at least require that passwords be 8 characters or longer and be composed of a combination of upper-case letters, lower-case letters, numbers, and special characters. These parameters are designed to prevent people from using easily compromised entries such as ‘123456’ or ‘password.’ Unfortunately, the combination of so many excellent and enticing services requiring these ‘more secure’ user credentials, the limitations of human memory and sheer laziness causes many folks to just cycle through two to three secure passwords for, sometimes, hundreds of online accounts. Thus, a person’s entire digital footprint can be exposed if a single password is discovered by a malevolent party.

Types of Two-Factor Authentication

There are numerous ways to implement two-factor authentication. These methods vary in convenience and cost. Utilizing any of them is an excellent step towards improving security for your personal and professional accounts.

Text and Call Based Authentication

One of the more convenient two-factor authentication methods is to associate a mobile phone number with your account. Then whenever a user attempts to log into an account on an unrecognized device they will be prompted with the choice of receiving a text message or phone call that will contain a single-use passcode. Once that passcode is entered along with the proper user credentials, access to the account will be granted.

Hardware Tokens

An ancient — yet still effective — method of two-factor authentication is to enter a passcode that is generated by a hardware token, in addition to the user name and password. Typically a key fob or a metal card, hardware tokens are paired with a user and usually cycle a new passcode every 30-60 seconds, so the current passcode on the unique token must be entered concurrently with the user’s credentials in order for the account to be opened. While offering a great additional layer of security, hardware tokens can be a large capital expenditure.

Software Tokens

Similar to the concept of a hardware token, this method of two-factor authentication pairs an instance of a software application with the user’s credentials and will generate a one-time passcode once the user requests one. An additional layer of security can be added on top of the software token as the user can be required to enter a PIN code in order to generate a passcode.
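How a server can check the rotating passcode that the hardware and software tokens above display, shown as an added example that is not code from this article or from Datto. It assumes the token follows the open TOTP standard (RFC 6238), which the article does not name; the function and class names are hypothetical, and the secret is the published RFC test secret, not a real one.

```python
import hashlib
import hmac
import struct

STEP = 30     # seconds per passcode (assumed; the article cites 30-60 s)
DIGITS = 6    # passcode length (assumed)

def passcode_for_step(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """Passcode for one time step: HMAC-SHA1 over the step counter,
    then dynamic truncation as in RFC 4226."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class TokenVerifier:
    """Server-side state for one token paired with one user (hypothetical)."""

    def __init__(self, secret: bytes, step: int = STEP, drift: int = 1):
        self.secret, self.step, self.drift = secret, step, drift
        self.last_counter = -1  # highest time step already accepted

    def verify(self, submitted: str, now: float) -> bool:
        current = int(now) // self.step
        # Tolerate clock drift of +/- `drift` steps between token and server.
        for counter in range(current - self.drift, current + self.drift + 1):
            if counter <= self.last_counter:
                continue  # step already used: a replayed passcode is refused
            expected = passcode_for_step(self.secret, counter)
            if hmac.compare_digest(expected.encode(), submitted.encode()):
                self.last_counter = counter
                return True
        return False

if __name__ == "__main__":
    secret = b"12345678901234567890"            # RFC 6238 test secret
    verifier = TokenVerifier(secret)
    code = passcode_for_step(secret, 59 // STEP)
    print(code, verifier.verify(code, now=59))  # fresh passcode
    print(code, verifier.verify(code, now=59))  # same passcode replayed
```

Tracking the last accepted time step is what makes each passcode single-use: a code observed in transit cannot be submitted a second time, even inside the drift window.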

Biometric Authentication

Biometric authentication has become rather ubiquitous in recent years as many people use fingerprints and face scans to unlock their personal devices. Biometrics rely on the user to act as the authentication token and are thus an extremely reliable method to verify that the person is accessing the proper account.

Benefits of Two-Factor Authentication

Protection from Hacks and Brute Force

Your precious personal information is further secured via a physical item that only you should have access to. It is extremely unlikely that someone who’s purchased your hacked password on the dark web will simultaneously be able to access your phone with a password or biometric key and know the 6-digit PIN code you use to generate your 60-second soft token.

Awareness of Potentially Compromised Accounts

If some nefarious entity makes many unsuccessful attempts to access your account because they are thwarted by your additional layer of security, then you will hopefully receive a notification from your account provider regarding this suspicious activity. Once alerted, you can then confirm that your account information has been compromised and quickly change the passwords for any additional accounts that share that same user name and password that are not protected with two-factor authentication.
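One way an account provider could decide when to send that notification, as an added example that is not from the article: it flags accounts where the password was accepted but the second factor failed repeatedly in a short window. The log format, field names, threshold and window are all assumptions, and the log lines are constructed sample data.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: timestamp, account, password result, second-factor result
SAMPLE_LOG = """\
2019-06-18T09:00:01 alice password=ok otp=ok
2019-06-18T09:02:10 bob password=fail otp=-
2019-06-18T09:05:00 carol password=ok otp=fail
2019-06-18T09:05:20 carol password=ok otp=fail
2019-06-18T09:05:41 carol password=ok otp=fail
2019-06-18T09:30:00 alice password=ok otp=fail
2019-06-18T09:30:15 alice password=ok otp=ok
"""

def parse(line):
    """Split one log line into (timestamp, account, {field: value})."""
    ts, account, *fields = line.split()
    return datetime.fromisoformat(ts), account, dict(f.split("=", 1) for f in fields)

def accounts_to_notify(log, threshold=3, window=timedelta(minutes=10)):
    """Accounts with at least `threshold` 'password accepted, second factor
    failed' events inside one sliding window. A correct password without the
    second factor suggests the password is known to someone else."""
    recent = defaultdict(deque)   # account -> timestamps of recent failures
    flagged = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, account, kv = parse(line)
        if kv.get("password") != "ok":
            continue              # wrong password: not the signal tracked here
        if kv.get("otp") == "ok":
            recent[account].clear()   # completed login resets the count
            continue
        failures = recent[account]
        failures.append(ts)
        while ts - failures[0] > window:
            failures.popleft()
        if len(failures) >= threshold and account not in flagged:
            flagged.append(account)
    return flagged

if __name__ == "__main__":
    print(accounts_to_notify(SAMPLE_LOG))
```

A single mistyped passcode followed by a successful login (alice in the sample) does not trigger a notification; three failures in under a minute with the right password (carol) does.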

Increased Work Flexibility and Productivity

With workforces becoming increasingly distributed, two-factor authentication enables remote and mobile employees to access secure organizational information and systems from any location. With two-factor authentication deployed, a worker can access their Office 365 server without being on the company’s network or VPN. Two-factor authentication can empower employees to work with greater flexibility and increase their overall productivity.

Potential Drawbacks of Two-Factor Authentication

Cost

Successfully deploying some methods of two-factor authentication for the entire staff of an organization will require some upfront expenditures and recurring costs. For instance, purchasing hardware tokens and then pairing them to each individual at the organization will involve the labor of a third-party vendor. Funds will also need to be allocated for managing the service, replacing devices and any potential adoption programs that are implemented.

Lost or Faulty Devices

Relying on authentication tokens generated via a piece of hardware or via an application on a mobile phone can potentially subject users to a long stretch of time without access to their accounts if the device that provides their means of authentication is lost. Rectifying and resetting their account’s authorization can be a lengthy process. Users can also be locked out of their account if their biometric readers are no longer functioning properly. This can cause a great deal of frustration and lead to a dip in productivity.

In conclusion, the benefits of using two-factor authentication greatly outweigh some of the minor drawbacks. That is why Datto has mandated that you must use two-factor authentication to access their Partner Portal.