Ever thought of a way to secure your account after using a secure password? Well, 2FA does precisely that. In simple terms, 2FA makes it hard for intruders to get into your accounts even after acquiring a password. In a nutshell, 2FA is an extra layer of security that verifies your identity when you log into the account you have secured. Some accounts such as online banking implement 2FA by default while in other accounts you have to enable it. Other accounts will let you connect to other authentication devices. Here, we’ll look at the common types of 2FA and identify the best option for you.
為什麼使用雙重身份驗證
與任何身份驗證機制一樣,2FA 依賴於驗證使用者身份的因素。通常有三個因素;你知道什麼,你擁有什麼,你是誰。
Most 2FA services only rely on what you know to verify your identity. With this factor, there’s a risk in that somebody else might also know what you know. For instance, the name of your pet. The second factor, what you have, provides some degree of security as a smaller number of people can exactly possess what you have. For instance, your SIM card or a key. The third factor, who you are, provides an increased level of security due to uniqueness. For example, your fingerprints, facial and voice are unique to you.
兩個或所有因素的組合通過身份驗證產生最終的安全性。這些組合稱為雙因素身份驗證,它是多因素身份驗證的子集。
常用的雙因素身份驗證方法
短信
這是2FA最常見的方法,它取決於您的因素。在這種情況下,用戶必須擁有SIM卡才能接收簡訊。這是常用方法,因為它適用於每部使用SIM卡的手機。而且由於每個人都買得起手機並且它總是放在附近,這使得簡訊成為 2FA 最方便的方法。
風險
If you lose your SIM card, you won’t be able to access the message, and hence access to your account will be denied. Also, if someone manages to replace or clone your SIM card, your account will be at risk. There’s also the risk of man-in-the-middle attacks; these attacks can intercept the message and attackers can then use it to verify your identity.
身份驗證器應用
這是第二種常用方法,它也依賴於您擁有的東西。此方法使用身份驗證器應用程式,而不是簡訊。使用透過應用程式設置的2FA服務時,應用程式將生成一個隨機代碼,您將在登錄帳戶時使用該代碼。
風險
This method has a few risks. For instance, if someone has access to your phone or can screen grab the generated codes, he/she can then log into your account. But if your device is adequately secured, this is unlikely to occur. The most common risk is that most authenticator apps require you to save some codes which you can use in case you lose your device. Where you back up those codes is all that matters. A safe place means no security risks.
硬體鍵
這是 最新的 2FA方法,也是 最不常見的。例如其他方法,它取決於您擁有的東西。在此方法中,您需要具有硬體密鑰。這個密鑰看起來像一個USB快閃記憶體驅動器,但裡面有一個晶片。硬體金鑰還應與FIDO U2F標準相容。
風險
When implemented correctly, this method has no risks; it even eliminates phishing attacks. The only problem with this method is that the hardware keys are limited to a few services such as Google and Facebook, you also need to buy the key, which can be expensive.
最佳 2FA 方法
關於安全性, 硬體密鑰方法是最好的。但由於它有限,所以 不方便。另一方面,簡訊可能會被攔截,您的運營商也知道您的文本內容。這使得 身份驗證器應用程式 成為最佳選擇,因為它們提供了所需的安全性和便利性。
