Two-Factor Authentication

Two-Factor Authentication is a method of increasing security to the access of online accounts by adding a layer of additional identity verification to confirm that the person attempting to access the account is indeed the owner of the account.

Although this second verification can come in a number of forms, we shall attempt to make the concept easier to understand by referring to it with the generalized term “secondary password”. Two-factor authentication, therefore, is a method of increasing access security by requiring two passwords instead of one. Equally important, the second password is usually designed to address most of the inherent weaknesses of single-password systems.

For instance, one of the most basic weaknesses of a single password is that someone else might guess it. 2FA resolves this by requiring a secondary password and increasing the difficulty of guesswork. Furthermore, the secondary password is usually defined not by the user but by an automated generation process, making it much more random and almost impossible to guess. For example, a human user very commonly bases numeric passwords on some variation of special dates (birthdays, anniversaries), which narrows down the possibilities for someone trying to guess that password; automatic password generation, on the other hand, is totally random and increases the difficulty of guesswork exponentially.

Another common pitfall of a single, user-defined password is that the user might store it somewhere (e.g. written down on a piece of paper, saved in the webpage or app, etc.) from where it can be stolen. Again, 2FA attempts to minimize this pitfall by generating the secondary password only at the time of login, when it is generated in a random fashion, sent to the user, and required to be used in conjunction with the primary, user-defined password. Since a unique secondary password is generated at the time of each login, the secondary password never needs to be stored, and if it is not stored, it also cannot be stolen.

Finally, ideally the secondary password is sent to the user/account owner via a channel that is assumed to be very personal to the user and to which he/she is already naturally careful to limit access. These days the logical choice is our personal smartphone, the gadget that is never far from us and of which we are already naturally protective.

Of course, while 2FA undoubtedly adds to the security of access to our online accounts, no system is entirely foolproof, especially if we do not do our share. The following is a reminder of the best practices we can apply in protecting all our online accounts:

  • Avoid writing down your passwords.
  • The strongest passwords contain a combination of number/s, upper case letter/s, lower case letter/s and special character/s. They also should not contain parts of your name or significant dates.
  • Ideally, keep the device from which you access your online accounts separate from the device on which you receive your 2FA secondary passwords; and protect all your devices at all times.