Activating Two Factor Authentication (2FA) has become a major step in securing our online services. Nowadays almost every website that requires a log-in procedure for access urges you to enable 2FA.
For most of us, 2FA is an SMS with a code/PIN that we have to enter right after our username and password in order to get permission to access our online account. Whether it's Facebook, Google or Twitter, everyone now recommends following this extra step. And some of us kind of dislike it without knowing its importance.
Some of us still think this 2FA security protocol is a real headache, while unknowingly having used it in the physical world for ages. Yes, Two Factor Authentication is one of the oldest security methods and is used to verify one's identity in the real world too.
So what actually is Two Factor Authentication or 2FA in the online world?
Say you have an online account with a six-character password (which, by the way, is known only to you). In the unfortunate event of a data breach, hackers could easily crack this password within a fraction of a second. In fact, passwords are not foolproof: however strong or weak your password is, it can easily be hacked by experienced security experts or cybercriminals. That's where 2FA comes in to safeguard an account.
2FA is a one-time SMS/email code, biometrics or a fingerprint that you use to prove your identity after you successfully enter the password. So when you activate Two Factor Authentication, a hacker requires more than your password to access the account. You also get notified that someone else is trying to access your account.
So multi-factor authentication stops someone from breaking into your account, which is why it's quite common for password managers, online banking, etc. Also, the received one-time passcode is valid only for a couple of minutes to hours, after which it self-destructs, and it can be used only once to get access to that particular account. So, by activating Two Factor Authentication, your online accounts become unsusceptible to cyber attacks.
Different types of Two Factor Authentication:
As we already said, in Two Factor Authentication users must present two of these three "somethings" to gain access to the account.
- Something you know — like account username and password.
- Something you have, which generates a code: here we are talking about your phone, your email or any other software that generates the 2FA PIN for that account.
- Something you are: biometrics like a fingerprint, retina scan or voice can also be chosen as 2FA.
2FA implemented with something you have, such as a smartphone or software, is the most common method, and many forms of Two Factor Authentication come under this category.
1. 2FA via SMS
This is the most widely used method of implementing Two Factor Authentication. In this method, a secret one-time passcode is sent to the user's mobile number as an SMS text message to verify their identity after they have successfully entered their username and password.
Pros of SMS 2FA:
- Easy to implement and user-friendly.
- Since 2FA is done through SMS, every user can use this security feature, even with a feature phone, regardless of mobile data.
Cons of SMS 2FA:
- However, cell reception is the major factor in receiving the SMS OTP (One-Time Password).
- Also, if you lose your SIM or phone, you can no longer authenticate.
- A hacker who clones your SIM card could access your account (rare case).
2. 2FA via Phone Call
In this type of 2FA, users get the verification code via a phone call after they enter the correct username and password. Like SMS verification, phone call verification is also a convenient and easy-to-use 2FA implementation.
Pros of Phone Call 2FA:
- Easy to implement and user-friendly.
- Since 2FA is done through a phone call, every user can use this security feature, even with a feature phone, regardless of mobile data.
Cons of Phone Call 2FA:
- As with SMS, cell reception is the major factor here in getting the passcode.
- Also, if you lose your SIM or phone, you can no longer authenticate.
- A hacker who clones your SIM card could access your account (rare case).
3. 2FA via Email:
Two Factor Authentication via email is another common method used by the majority of users to get access to online accounts. As with SMS or a phone call, the user gets an OTP or secret code via email to prove their identity. Sometimes, instead of a passcode, simply clicking a unique link in the email also grants access to the account.
Pros of Email 2FA:
- User-friendly and easy to implement.
- Available to both computers and phones.
Cons of Email 2FA:
- Unlike SMS/phone call, an internet connection is required to receive the 2FA code.
- Email delivery is another problem. There is a chance the mail may go to spam or get lost because of a server problem.
- If hackers compromise your email account, they could also access your social accounts that use it for 2FA.
4. 2FA via Software:
Unlike any of the above-mentioned 2FA implementations, Two Factor Authentication via software or an app is a little more advanced, and it's gaining popularity. In this method, users have to install an application on their computer or smartphone to get the 2FA code. This software dynamically generates tokens for the user that last a brief period of time. So with this method, after a successful login, the user simply has to open the app and type in the 2FA token currently shown on screen to gain access to their account.
Apps like Google Authenticator, Authy and Microsoft Authenticator are some examples of such software.
Pros of Software 2FA:
- User-friendly and easy to implement.
- You don't have to wait to receive a passcode via email or SMS, as it's already auto-generated in the authenticator application.
- Cross-platform support: some authenticator apps like Authy work on both smartphones and computers. So even if you lose your smartphone, you can still get the 2FA token by using the app on your computer.
Cons of Software 2FA:
- Not available to every user, since it requires a smartphone or computer.
- Anyone with access to your phone or computer could compromise your account.
5. 2FA via Hardware:
Hardware Two Factor Authentication is mainly used by business organizations but can be used on personal computers too. In this method, the 2FA token is generated with the help of a hardware device such as a key fob or dongle. This hardware generally comes with an LCD screen, and every 30-60 seconds a new code is displayed on the screen.
Pros of Hardware 2FA:
- Easy to implement.
- No internet connection required.
- Most secure 2FA method.
Cons of Hardware 2FA:
- Expensive to set up and maintain.
- Devices can be easily misplaced, forgotten and lost.
6. 2FA via Biometric:
Generating 2FA tokens with biometrics is a totally different approach from any of the ones mentioned above. In biometric verification, the actual user becomes the token. Yes, your own fingerprint, retina, voice or face becomes the 2FA token that proves your identity and gets you access to your account.
Pros of Biometric 2FA:
- Most secure 2FA method.
- Being the token yourself makes this method user-friendly.
- No internet connection required.
Cons of Biometric 2FA:
- Storage of your biometric data on other servers raises privacy problems.
- Special devices like scanners and cameras are needed for this method.
So now you are aware of the different types of Two Factor Authentication methods and their advantages and disadvantages. Soon we will publish more articles related to 2FA, such as which 2FA software is best, how to activate Two Factor Authentication on different social accounts, etc.
I would add one other disadvantage of biometric authentication – if your biometric details are obtained you do not have the option to change them as they are a fixed aspect of your identity (i.e., you cannot change your fingerprint etc). Additionally, many of your biometric features are to some extent readily available (for example a laptop protected by a fingerprint reader is likely to be covered by the very fingerprints that are protecting it).