More and more often, hackers target major online services, web shops and email providers. The latest big target was the website for cheaters, "Ashley Madison".
So are a login and password alone still adequate? Can we still trust that familiar form of security? With two factor authentication you can add an extra layer of security to your data. In this article I show you what two factor authentication is, how it works and why we need it.
What is Two Factor Authentication?
Two Factor Authentication (2FA or TFA) is a better way to protect your online accounts. Besides entering your password, you also have to enter an additional code that you generate through a personal device.
TFA is an authentication process in which two of the three factors listed below are necessary to recognize you as a valid user.
Something you know - This is your password, PIN, passphrase or a similar code.
Something you have - Something like a smart card, a pass or other hardware.
Something you "are" - This is for example your fingerprint, your iris pattern, voice recognition or your heartbeat.
TFA succeeds when two of the three factors are presented correctly.
An example from everyday life:
If you're going to withdraw money you need two things: a debit card and your PIN. Your debit card is something you have, your PIN is something you know. With this combination you get access to your bank account. If someone has your card but doesn't know the correct PIN, it stops right there. The reverse also holds: even with a list online of all PINs, having no corresponding debit card will not get you far.
More and more web services use Two Factor Authentication to secure access. They use an SMS verification code or a smartphone app to generate the additional code that you must enter. The most used app is Google Authenticator; others are AlterEgo and Authy. For businesses, however, it is more common to use SMS.
How does this (Two Factor) Authentication work?
The good news is that you can set up TFA fairly quickly and it works much the same way at each service. The bad news is that you have to set it up yourself, and sometimes you have to look closely to find where the settings are configured.
TFA works according to the same principle on almost every website: after typing your login name and password you need to enter an additional code or text that you receive via SMS or an additional app like Authenticator. Only after entering this extra code do you get access to the secure part of the site. If a website offers TFA, you'll often need to activate it yourself.
Cybersecurity expert advises Two Factor Authentication
CM had a very interesting interview about security with Kimo Quaintance (Lecturer Cyberpower & National Security) @ Mobile Convention Brussels 27-11-2014.
Are you already using 2FA?
Not every major service offers two factor authentication, but I expect we will see a lot more of TFA now that hacks and bugs get so much attention.
I think 2FA is a prelude to a new way of identification and authentication for online services. Ultimately, this will not happen with codes, but with biometric services such as your pulse or the iris of your eye. Until then 2FA is a great way to protect yourself.
Note: 2FA gives you better security but it is still not 100% secure. Researchers have already hacked the security of Dropbox and know how to get around it. And if you're already using 2FA, it is still wise to generate the codes again because bugs like Heartbleed could have affected your Two Factor Authentication codes.