Microsoft, Apple, Google, Amazon, Facebook, Twitter—almost any online service you can think of offers two-factor authentication (2FA). While the process can sometimes seem like a pain, it also does offer an extra layer of cybersecurity protection.
Without 2FA, a user enters in just a username and a password during a login procedure to access an online account. 2FA requires an extra step in this process, and this “second factor” makes your account (in theory) more secure. With 2FA, a user must have two out of three types of credentials:
- Something you know (e.g., a PIN, password, or pattern)
- Something you have (e.g., a fob or a phone to receive a text message)
- Something you are (e.g., biometrics like a fingerprint or voice recognition)
2FA has been around for a while, not just in the cybersecurity world but also in the physical security world. For example, consider all those times that you’ve needed to show two forms of ID in order to complete a transaction or change personal information. And while it’s not difficult to use 2FA per se, it adds an extra step to login processes and depending on the platform, it can be more than a little inconvenient.
2FA also isn’t invulnerable to hackers. A high-profile example of a compromised 2FA system occurred in 2011 when RSA’s SecurID authentication tokens were hacked. Jim Fenton, chief security officer at enterprise password replacement system OneID, notes that “2FA mitigates the problems, but a lot of awful attacks can run on 2FA.” That said, users do get more protection from 2FA simply by avoiding becoming low-hanging fruit for hackers. “When you make an attack harder, you’re disabling a certain subset of the hacker community,” says Fenton.
It’s likely that as 2FA evolves, it will become a more frequent target of attacks. However, the technology to thwart these hacks will develop as well. With cybersecurity a prime concern for businesses worldwide, it seems that two-factor authentication will become a necessity—albeit a slightly inconvenient one.
For more information on two-factor authentication and how to implement it on your various accounts, visit CNET’s FAQ page on the subject.