What Is Two-Factor Authentication?

Date First Published: 14th May 2023

Topic: Cybersecurity

Subtopic: Security Mechanisms & Technologies

Article Type: Computer Terms & Definitions

Difficulty: Medium

Difficulty Level: 4/10

Learn more about what two-factor authentication is in this article.

Two-factor authentication (2FA), also known as two-step verification or dual-factor authentication, is an electronic authentication method that requires two forms of verification before signing in. Two-factor authentication is designed to add an extra layer of security to electronic accounts by requiring more than just a username and password to gain access. Even if someone stole the password for an account, they would be unlikely to be able to sign in unless they also had access to the other authentication method.

Forms Of Two-Factor Authentication

Below are 10 forms of two-factor authentication:

  • A one-time four to six-digit code sent either by a text message to the user's phone or to the user's email address.
  • A security question and answer created by the account holder. The correct answer to the question must be entered before signing in.
  • Biometric authentication, including fingerprint, facial, or voice recognition.
  • A push notification on a registered device set up by the account holder that asks you to accept or deny the request.
  • Possession authentication. This authenticates users by requiring proof of a possession that only the user should have, like a physical security token which displays a changing passcode that users must enter to sign in, an ID card, or a smartphone app.
  • A link sent by email which the user must click to sign in.
  • A QR code that contains a one-time passcode that needs to be scanned by the user's phone.
  • Software tokens. These are one-time passcodes generated by software. The user needs to have the two-factor authentication app installed on their phone, laptop, or desktop computer. After entering the correct username and password, they also enter the code shown on the app.
  • Voice-based authentication. When using voice-based two-factor authentication, the user's phone number is called and the one-time code is verbally delivered.
  • Risk-based authentication. This is often used in combination with two-factor authentication. Risk-based authentication tracks things like the location, device, and time the user is logging in. If it detects a sign-in that does not match the user's own device and location based on the factors above, it will ask for extra verification, which will include one of the 9 forms of verification listed above. Using this type of authentication saves asking users for extra verification every time they sign in from their own device.

Is Two-Factor Authentication Required?

Two-factor authentication is usually an optional feature that you can enable if you want to add an extra layer of security to your account. However, some online services, particularly online banking sites and online shopping sites, may require you to enable two-factor authentication on your account for your security, without giving you an option to disable it.

Why Is Two-Factor Authentication Important?

Passwords provide the minimum layer of security for an account by allowing access only if the correct password is entered and denying access if it is incorrect, but they cannot 100% guarantee that there will be no unauthorised access. If a weak password is used and someone guesses it or performs a brute-force attack to crack it, they would be able to access your account without your permission, putting your data and security at great risk, especially if you pay for things online using your account.

Even if your password is secure, data breaches can leak thousands or even millions of passwords. Over the years, only relying on passwords for authentication has become less secure due to attackers finding lots of ways to crack and steal passwords, including brute-force attacks, keyloggers, and phishing.

Two-factor authentication is much more effective than only keeping your account secured by a password. Even if someone correctly guesses or cracks your password, they will still have to have access to the second authentication method to access your account. Whilst it will take more time to log into your account than just by entering your password, becoming a victim of identity theft/fraud is much worse and you don't want that to happen. So, if you have any accounts which you use for online payment that don't have two-factor authentication enabled, we recommend that you enable it now if there is an option.

Difference Between Two-Factor Authentication and Multi-Factor Authentication

The main difference between two-factor authentication and multi-factor authentication is that multi-factor authentication uses two or more factors to authenticate the identity of someone signing into an electronic account, whilst two-factor authentication always uses two factors. Two-factor authentication is a type of multi-factor authentication and is secure enough for most people, but large businesses and banks may use more than two authentication factors.

