Two-Factor Authentication (2FA) works by adding an additional layer of security to your online accounts. It requires an additional login credential – beyond just the username and password – to gain account access, and getting that second credential requires access to something that belongs to you.

Without this additional access method, it’s impossible to enter the account, which in turn makes it impossible for hackers to access your account using only a stolen username and password.

What Can You Use for Two-Factor Authentication?

Two-factor authentication describes an approach, not a method. Many different methods exist to secure your account with two-factor authentication.

There are three main types of two-factor authentication:

  • Additional login credentials only the account holder should know. This includes things like security question answers and PINs.
  • Devices the account holder owns that receive additional login credentials. This most commonly takes the form of a security token, mobile phone app, or tablet device app.
  • Biometric login credentials unique to the account owner. This includes retina scans and fingerprints.

How Secure is Two-Factor Authentication?

An account that uses 2FA is much more secure than a mere username and password login, but that doesn’t mean it is entirely foolproof.

Text Message 2FA Security

For text messages, one of the biggest 2FA security flaws is the ability of users to keep their cell phone numbers even when they switch providers. Mobile number portability is an opening for hackers to impersonate you and switch your number to a phone they control.

Once that happens, your usernames and passwords will give hackers access to your accounts.

Authentication Applications 2FA Security

Authentication apps like Google Authenticator are vulnerable to device theft: leaving your device unattended at work, or losing it while traveling, puts your accounts at risk.

Similarly, security tokens — often considered one of the most secure types of 2FA — can get hacked at the manufacturer level.

That’s exactly what happened to customers of RSA Security’s “SecurID” tokens, after a breach leaked sensitive information to hackers.
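As an added illustration (not code from the original post), the Python below shows what an authenticator app or hardware token actually computes: an RFC 6238 TOTP code derived only from a shared secret and the clock. It makes the risk in the two paragraphs above concrete: whoever holds a copy of the seed, whether from a stolen phone or from a manufacturer breach, produces exactly the same codes, so the server-side check also enforces single use and a small clock-drift window. The base32 secret is a constructed sample, not a real seed.

```python
import base64
import hashlib
import hmac
import struct

# Constructed demo secret in the base32 form shown in an enrolment QR code; not a real seed.
DEMO_SECRET_B32 = "JBSWY3DPEHPK3PXP"
STEP_SECONDS = 30
DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret_b32: str, at_unix_time: int) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step).
    Anyone holding secret_b32 (phone thief, leaked seed database) gets the same output."""
    secret = base64.b32decode(secret_b32, casefold=True)
    return hotp(secret, at_unix_time // STEP_SECONDS)


class TotpVerifier:
    """Server-side check: accepts the current step and one step either side to tolerate
    clock drift, and never accepts a step at or before the last accepted one, so a code
    that was shoulder-surfed or intercepted cannot be replayed after its first use."""

    def __init__(self, secret_b32: str):
        self.secret_b32 = secret_b32
        self.last_accepted_step = -1

    def verify(self, code: str, now_unix_time: int) -> bool:
        step = now_unix_time // STEP_SECONDS
        for candidate in (step - 1, step, step + 1):
            if candidate <= self.last_accepted_step:
                continue  # already consumed, or older than a code already consumed
            expected = totp(self.secret_b32, candidate * STEP_SECONDS)
            if hmac.compare_digest(expected, code):
                self.last_accepted_step = candidate
                return True
        return False


if __name__ == "__main__":
    # The "device" and the "server" hold the same seed, so they agree without any message exchange.
    print("code for the demo seed at t=0:", totp(DEMO_SECRET_B32, 0))
```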

Biometric 2FA Security

People often believe biometric security is foolproof. The reality is much different. Just like any other security method, hackers can get account access even with biometrics enabled.

A hacker isn’t going to remove your finger (we hope) to gain access to your accounts, but these security systems aren’t magic. They must store a digital representation of your fingerprint/retina to work. And that can be hacked.

Two-Factor Authentication Best Practices

You should never use only a username and password to protect an account.

The number of corporate security breaches in recent years proves it’s too easy for hackers to gain access to your accounts.

However, that doesn’t mean that two-factor authentication is a foolproof way to prevent commerce fraud.

Using text messages, authenticator apps, or biometric methods is better than nothing, but you should also go beyond that and follow these 2FA best practices:

  • Don’t use your personal phone number for text 2FA authentication.
    Phone carriers are notorious for getting tricked into changing account details by clever hackers. Instead, set up a dedicated Google Voice number that you can always keep and that a phone carrier cannot change.
  • Don’t use email-based account resets.
    It’s convenient to reset your accounts by email, but it makes it very easy for a hacker to bypass the other 2FA procedures you’ve put in place and get at the account with just a username and password.
  • Use a combination of authentication methods.
    You can secure many accounts with more than one 2FA method.