Two-factor isn’t new, and it definitely isn’t going away anytime soon. Two-factor authentication (2FA), also called multi-factor authentication, has seen a rise in adoption as cybercrime also increases. Social media platforms have even joined the party, like LinkedIn and Twitter. Anyone who’s used 2FA knows that it’s supposed to keep your data secure, but how exactly?
Why does it really matter?
Passwords are quite easy to steal. Do you really want the only thing standing between your personal information, like your bank account for example, to be a flimsy password? Even the best password is still weak, compared to decent two-factor authentication.
2FA is an extra layer of access security added alongside normal credentials like username and password. It usually combines something you remember (like a password), with something you have (like a cell phone), or something unique to you (like your fingerprint).
Everyone has encountered two-factor in one form or another. Banks have been using 2FA for ages, combining your physical credit card with a PIN or signature. Having 2FA in place, in this example, means that if you lose your credit card, the person that finds it won’t necessarily be able to use it.
Keep in mind, that type of 2FA wasn’t the most secure, which is why we now have chips in our bank cards. In fact, that particular example isn’t even considered ‘two-factor authentication’ anymore.
Comparing types of two-factor authentication
While any extra layer of access security helps, certain two-factor methods perform better than others.
Not Secure – Knowledge Based
First, 2FA where neither factor ever changes, and are both easily attainable. As mentioned earlier, this would be bank cards before the chip was introduced.
In this example you have (1) a credit card number, and (2) a PIN. If you think of each as a password that never changes, it’s pretty obvious why it isn’t that secure. We already mentioned how easy it is to steal a password, and two passwords isn’t that much harder. This is especially true when criminals have an unlimited amount of time to get both passwords.
This also applies to other purely knowledge based and unchanging 2FA methods, like security questions.
Not Secure – SMS Verification
Currently, the United States National Institute for Standards and Technology (NIST) is working on a new set of guidelines around passwords and verification methods. According to the draft, they’re no longer considering SMS verification a secure form of 2FA.
There are a wide variety of SMS deliverability vulnerabilities. Check out this article from Naked Security by Sophos for a pretty solid list of reasons why SMS is no longer considered secure for 2FA.
Relatively Secure – Biometrics
This goes without saying, but your fingerprint is unique to you. Nobody has the same fingerprint as you, just like your eyes (retina scans). There are ways to ‘lift’ a fingerprint, but as with any other form of physical 2FA, it requires close proximity to you.
The caveat is that due to their nature, biometrics are publicly available and permanent. Passwords, on the other hand, can be kept secret and changed. Several sources note that if a person’s biometrics are compromised, it’s game over.
Secure – Software that Generates a Random, Changing Number
Software like Google Authenticator creates a one-time, changing numeric password for 2FA. The security of solutions like this depend on how they are used. Because the password changes constantly, chances of it becoming compromised are slim. When using software like this on your phone, you must also secure your phone with a strong password or pin. Otherwise, if your phone is stolen or lost, your accounts can be compromised.
Secure – Hardware Token with Random, Changing Number
Added to a password, a physical token creating random numbers in short intervals is a secure 2FA method. A security breach would require not only knowledge of your password, but also physically stealing the hardware token have a peek at this site. Just like software tokens referenced above, how you use this kind of 2FA will determine its strength.
Most Secure – Multi-Factor Authentication
Any type of 2FA is better than a password alone. As you add more layers of verification, an account becomes more secure. When more than two factors are used, it can be called multi-factor authentication, or MFA.
Unfortunately, at this time, multi-factor authentication is generally out of reach for most basic consumer services, and very limited for business purposes. In an ideal, security-centric world, multi-factor authentication should be the standard.
Does your business have two-factor authentication protecting your vital company data? If you need help getting started, or even if you just have questions about the benefits, feel free to contact us.
—
Sierra Experts is an IT Managed Service and Support provider, specializing in remote monitoring and remote management of computing systems, cloud/virtual systems hosting, VoIP/SIP PBX trunks and solutions, physical server hosting, software development and hardware and software reselling. For more, check out sierr001-2.sierradevops.com