What is two-factor authentication?
Two-factor authentication is also commonly known as two-step verification, 2FA, or even dual-factor authentication. It is a security mechanism in which a user provides a system with two different means of authentication.
These two means of authentication can vary, but they are typically a password and a token that is obtained from a physical or virtual device. 2FA is used to provide an additional layer of protection for users who are signing in to a system with their credentials.
What are the benefits of 2FA?
2FA has several advantages, which include but are not limited to:
- Improved security
- Reduce costs that are help-desk related
- A wide variety of 2FA categories
Before 2FA came along, the convention for protecting sensitive data was good old-fashioned passwords. The problem with passwords, however, was that they provided only a single layer of protection and that users chose very weak passwords. Hackers could easily guess weak passwords and so break into other users' accounts. A recent survey of the most commonly used passwords found that many people chose passwords such as "123456", "password1", or even "password123", which can be easily guessed.
So, if a user chooses a weak password, but has 2FA activated, it increases overall security by providing an extra layer of protection, instead of just a single layer with a password on its own.
Reduce costs that are help-desk related
The most common IT help-desk problem is users that have forgotten their password and want to reset it. A common way to reduce the number of queries was to use 2FA and let users reset their password by means of their own physical or virtual device via a token.
This token can be sent via SMS or obtained from an authenticator app such as Google Authenticator or Authy. The introduction of 2FA in an organization will help to save costs and will also reduce pressure on the IT technical support staff.
A wide variety of 2FA categories
When it comes to two-factor authentication, users must provide two pieces of information, based on two of the three principles:
- Something that they have (typically a physical/virtual device)
- Something that they know (a password)
- Something that they are (a biometric)
These categories allow users to be more flexible in how they want to authenticate themselves. Generally, most users opt for what they know and what they have.
What are the limitations of 2FA?
Although 2FA has several advantages, it also comes with limitations, which may include:
- Login time increases
- Not completely secure
Login time increases
When it comes to adding 2FA, a common issue is that it takes longer to log in to an application or system than it does to sign in with just a regular username and password.
Users have to complete an extra step in order to log in, which adds time to the login process.
If there is maintenance on a 2FA authentication system, this can cause disruption for all users who have two-factor authentication enabled. As a result, users will be prevented from signing in, as they won't be able to receive a token in order to log in.
Something like this is rare but has happened. From personal experience, I have experienced this, and the solution was to contact IT technical support to disable two-factor authentication until their system was fixed - which was very time-consuming.
Not completely secure
Of course, no security system or tool is completely "bullet-proof" against hackers infiltrating a system, and in certain circumstances 2FA can be bypassed. For instance, hackers can simply steal someone's phone or get access to their SMS messages or emails via alternate avenues. These are very simple techniques that can render 2FA irrelevant.
So, is two-factor authentication still relevant?
This question is a difficult one to answer, since there are many benefits and disadvantages that come with dual-factor authentication.
Taking into account all the factors and looking at many surveys and opinions, it has been stated that 2FA is more of a benefit to users than a drawback. An extra layer of security, with a variety of techniques to enhance the protection of data, is always better than a single means of authentication. The chances of data being leaked or hacked are significantly lower than when using just a password.
Personally, I believe that two-factor authentication is relevant and that it is more advantageous for us to use.