What is two-factor authentication?

Two-factor authentication is considered a reliable security tool for online accounts. We tell how it works and why it must be used.

In any way, it is impossible to neglect any way. This applies to two-factor authentication. All popular sites introduce it for the sake of high-level user security.

What is two-factor authentication?

The popular method of protection of the account password refers to single-factor authentication: to log in to the system, you need to enter only one password. Two-factor authentication (abbreviated 2FA) is a way to enter an account in which the user needs to confirm their identity in two ways.

For 2FA, you can use three types of verification data:

  • Information (any fact known to you, but not known to other people, such as password or answer to the question);
  • Physical Property (Smartphone or Electronic Key);
  • biometrics (something bodily, which unambiguously distinguishes you from the mass of other users, for example, fingerprint or rainbow shell scan).

Sometimes the concept of two-stage authentication is used to designate two-factor authentication. Despite the consonance, these concepts are not synonymous.

For successful passage of two-factor authentication, data from different categories are required indicated above, for example, password and code from a smartphone. Two-step test of the individual uses two types of data from one category, for example, password and response to a secret question.

2FA is a stronger protection method. It complicates the task of a hacking account in that it requires information from different categories and does not use verification methods with the same disadvantages.

Why two-factor authentication is important?

In the modern online world, only passwords are not enough.

Part of the problem lies in the fact that people are too lazy. Rarely who invent different and complex passwords for various accounts. Too light passwords, one and the same password for different accounts - all makes it easier for hacking procedure.

Short passwords consisting of dictionary vocabulary or created by predictable pattern, it is easy to hack with a more or less powerful computer. And if the same key is used on many sites, with the hacking of one account, the attacker will be available to others.

The generator and password manager partly help solve these problems. The generator creates complex combinations of characters, the dispatcher stores them in a safe zone. But this is also not a panacea.

Even if the password is superpower, it can be lured by a person by phishing attack or another form of social engineering. If the site has not paid enough attention to the security system, then as a result of the data leak, your password also falls into the hands of ill-wishers, the truth is no longer your fault. In this case, its complexity does not play any role at all.

What will happen if the account is stolen?

Learning a protective combination, an attacker may at any time go to your account and do everything from your name that he wants. First of all, cyber speakers are looking for information related to finance. Also, they are interested in data about your family and personal affairs. The goal in this case is obvious - to try to fool your acquaintances about transferring funds under any pretext.

Since many accounts are related to each other, the fraudster is enough to access one of them to penetrate into the rest. First of all, it concerns email, as access to it opens the ability to send and receive letters to reset the password from other accounts.

How does two-factor authentication work?

2FA adds an additional step to the verification process. In addition to login and password, you need to enter an additional code or otherwise confirm your identity. Without this information, the login will be unavailable.

To simplify and speed up the login to sites, many browsers are allowed to check the "Do not require verification code" checkbox. Thus, the user deprives himself two-factor authentication in this browser, but nevertheless it will be required when entering the site through another browser and on other computers. The function is convenient for the devices that you use constantly and in the protections of which 100% are confident.

Account Recovery with active two-factor authentication

Dual personal test complicates account recovery, so the procedure must be studied in advance. Almost every site, the password from the account can be reset using email. However, loss of access to an account, protected 2FA, is fraught with large problems.

For security reasons, sites can not allow simply disable 2FA when accessing the code generator or other input method used. If the user cannot confirm his identity by 2FA, the account will be blocked.

When configuring two-factor authentication, most sites provide a list of unique backup access codes. They are used to log in to the system instead of confirmation of the personality of 2FA. It is very important to save these codes if problems occur in the input, for example, in password manager or in printed form in a safe place.

If the codes are lost and other accessible ways to log in to the system will not have to be resorted to more complex account recovery methods. As a rule, this implies an appeal to the site support service. Usually recovery takes several days, and non-standard actions are required to confirm the personality from the user.

Passwords of applications for unsupported services

Two-factor authentication support many services, however it has no compatibility with some old generation devices. For example, if you have two-factor authentication in your Microsoft account and you are trying to enter the Xbox 360, the personality check will not work.

To bypass this restriction, you can use application passwords. Application passwords are one-time access codes that are used instead of a constant password from the account when entering the account protected by two-factor authentication. Activate this feature (if supported) in service settings.

Forms of two-factor authentication

Complete two-factor testing of the personality in several forms. Some websites offer only one option, while others are immediately somewhat to choose from.

SMS or code sent in e-mail

This form involves receiving a text message or an email with a one-time code to log in. The form is convenient, simple and at the same time unsafe, as the message can be intercepted by intruders. In addition, if there is no cellular communication or connection to the Internet, use the code will not work.

But still this option is better than nothing, so we recommend resorting to it if you cannot configure other verification methods possible.

Applications for 2FA

Special applications for 2FA are a balance between security and convenience. They generate unique one-time codes that need to be copied to log in.

This form is not available on all sites. If you activate it, the site will tell you how to link to the system one of the external applications for authentication. Usually, all you need to do is scan the QR codewith your smartphone to generate a one-time password, and then use it on the site to complete the setup. Authentication apps work offline, which is much more convenient than using passwords from SMS or email.

One of the best 2FA apps is Authy. It is available on all mobile platforms, offers backup encryption and a clean interface.

Physical Security Keys

The maximum security level is the USB stick acting as a security key. This form of authentication requires the security key to be connected to a computer or scanned with a smartphone when attempting to sign in.

Security keys are a strong option for protecting an account, since a physical device is more difficult to steal than a password or code in an email. However, in terms of usability, security keys lose out to generator applications. If they are lost, it will be problematic, and in some cases even impossible, to restore access to the account.

Where to use two-factor authentication

For maximum security, two-factor authentication should be enabled wherever possible. In combination with a strong password, this solution greatly reduces the risk of being hacked.

First of all, it is necessary to protect pages in social networks with two-factor authentication, since it is through them that today spam is sent and attempts are made to swindle money. Odnoklassniki, VK, Instagram and other popular services support two-factor authentication. You can find out how to activate it in the site settings.

Two-factor authentication is a modern and reliable way to protect data in the digital world. It will make logging in harder, but that inconvenience is nothing compared to the peace of mind you get knowing your accounts are secure. Take the time to set up 2FA right now, and future mass hacking news won't bother you as much.