Two-Factor Authentication Rollout
- July 12, 2022
- by Angela
I'm sure many have heard of two-factor authentication on sites, but it is unclear to many what exactly it is used for. What is a two-factor authenticator? Why is it important? What are the “Factors of Authentication”? What threats does 2FA address? What are the types of 2FA? Read on to learn the answers...
What is a two-factor authenticator (2FA)?
2FA serves to confirm your identity beyond just your password. Wondering how? When you log in to a site that uses two-factor authentication, two “factors” (pieces of information) are always used to confirm your identity.
- The first factor is the username and password you use to log in to the site (something you know).
- The second factor is a one-time code sent to your phone (something you have).
When the combination of these values is entered on the site, it confirms your identity and you can then access the site's content.
Why is 2FA Important?
Two-factor authentication serves to protect sensitive data. Protecting that data with a password by itself is flimsy because the password can be stolen and then used by anyone anywhere in the world.
By requiring two pieces of information to prove you are who you say you are, malicious users are blocked from getting into your account.
What are the Factors of Authentication?
Beyond just a password and a phone, there are five authentication factors used by security professionals today:
- Knowledge factor - this factor verifies identity by requesting information that only the individual would know. The most common example would be a password. Your social security number or mother’s maiden name were used in the past but these are too easily obtained. It is best to use a different password for every account you use. It sounds hard, but it can easily be accomplished using a password manager. For more details see our post on personal security measures everybody needs to know.
- Possession factor - as the name suggests, this factor verifies identity through something that only the user possesses. Typically your cellphone is used as the possession factor. While this isn’t totally foolproof (since your phone could be stolen, or your SIM card could theoretically be hacked), almost all websites use this as the method for the second factor of authentication. There are more advanced tools such as physical hardware keys with rotating codes or apps that scan a QR code and then generate rotating codes.
- Inherence factor - implies an attribute that belongs to the owner. An example of this factor is a fingerprint. In addition to fingerprints, voice signatures, handprints, retina scans, and facial recognition are used. DNA will likely be used in the near future. Verification of this nature is not typical for websites but is for physical access to secure areas (data centers, bank vaults, secret labs, etc.).
- Location factor - this factor confirms the owner's identity based on their location in the world. This factor is based on the IP address. If the user registered from their own country and then travels to another country and tries to log in, the program asks for verification of the owner, because the login comes from a different address than the one used at registration.
- Time factor - this factor works in a certain time range. If an owner tries to log in outside of a designated window, their login will be suspect until they prove their identity.
What threats does 2FA address?
User accounts of large companies, governments, and the public were not secure with a password alone. That is why the need for 2FA arose. The most common threats happening today that two-factor authentication mitigates are:
- Weak passwords - a password can be stolen if the user writes it down on paper or if it is easily guessable. With 2FA even if the entire internet has your password, they would still need your phone (or a way to hijack your SIM card) to get into the site.
- Phishing attempts - in order to get passwords, hackers send emails containing links to malicious websites. In this way, they steal data from users. 2FA protects against phishing by adding a second layer of validation after entering a password.
- Social engineering - hackers can manipulate other people by presenting themselves to companies as IT experts and thus get access to passwords. 2FA protects against this by asking for the second factor (which.
- Brute-force attacks - the hacker has a computer randomly generate passwords until the correct password is found. 2FA adds a second level of protection that requires the login attempt to be confirmed before access is granted.
- Key logging - malware used by hackers to record a password while the user is typing it. 2FA provides protection while logging in so that others cannot copy the password the user enters on a particular site.
Which industries use 2FA?
A growing number of industries use 2FA, including:
- Health Care
- Social media
- And last but not least - Wealth Meta: we recommend enabling 2FA under your profile.
Conclusion: Enabling 2FA is a smart idea on all sites that support it. It slows down the login process slightly but makes your data a LOT more secure. At Wealth Meta we are happy to offer this as part of our security measures.