Ever thought of a way to secure your account beyond using a secure password? Two-factor authentication (2FA) does precisely that. In simple terms, 2FA makes it hard for intruders to get into your accounts even after they have acquired a password. It is an extra layer of security that verifies your identity when you log into the account you have secured. Some accounts, such as online banking, implement 2FA by default, while in other accounts you have to enable it. Other accounts will let you connect to other authentication devices. Here, we’ll look at the common types of 2FA and identify the best option for you.
Why use two-factor authentication
As with any authentication mechanism, 2FA relies on factors that verify the identity of the user. There are usually three factors: what you know, what you have and who you are.
Most 2FA services rely only on what you know to verify your identity. With this factor, there’s a risk that somebody else might also know what you know, for instance the name of your pet. The second factor, what you have, provides some degree of security, as far fewer people can possess exactly what you have, for instance your SIM card or a key. The third factor, who you are, provides an increased level of security due to uniqueness. For example, your fingerprints, face and voice are unique to you.
A combination of two or all of the factors gives rise to ultimate security via authentication. These combinations are referred to as two-factor authentication, which is a subset of multi-factor authentication.
Commonly used two-factor authentication methods
Text messaging is the most common method of 2FA, and it relies on the "what you have" factor. In this case, a user must have a SIM card in order to receive the text message. It’s the most common method since it works on every mobile phone that uses a SIM card. And since everybody can afford a mobile phone and it’s always kept nearby, text messaging is the most convenient method of 2FA.
If you lose your SIM card, you won’t be able to access the message, and hence access to your account will be denied. Also, if someone manages to replace or clone your SIM card, your account will be at risk. There’s also the risk of man-in-the-middle attacks: attackers can intercept the message and then use it to verify your identity.
Authenticator apps are the second most common method, and they also rely on what you have. Instead of text messages, this method uses authenticator apps. When you use a 2FA service set up via the apps, the apps will generate a random code that you will use when logging into your account.
This method has a few risks. For instance, if someone has access to your phone or can screen grab the generated codes, they can then log into your account. But if your device is adequately secured, this is unlikely to occur. The most common risk is that most authenticator apps require you to save some codes which you can use in case you lose your device. Where you back up those codes is all that matters. A safe place means no security risks.
Hardware keys are the latest 2FA method, and the least common. Like the other methods, this one relies on what you have. In this method, you are required to have a hardware key. This key looks like a USB flash drive but with a chip inside. The hardware key should also be compatible with the FIDO U2F standard.
When implemented correctly, this method has no risks; it even eliminates phishing attacks. The only problem with this method is that the hardware keys are limited to a few services such as Google and Facebook. You also need to buy the key, which can be expensive.
Best 2FA method
Regarding security, the hardware keys method is the best. But since it’s limited, it’s not convenient. Text messages, on the other hand, can be intercepted, and your carrier also knows the content of your texts. This leaves authenticator apps as the best option, as they offer the required amount of security and convenience.