Ever thought of a way to secure your account after using a secure password? Well, 2FA does precisely that. In simple terms, 2FA makes it hard for intruders to get into your accounts even after acquiring a password. In a nutshell, 2FA is an extra layer of security that verifies your identity when you log into the account you have secured. Some accounts such as online banking implement 2FA by default while in other accounts you have to enable it. Other accounts will let you connect to other authentication devices. Here, we’ll look at the common types of 2FA and identify the best option for you.
为什么要使用双因素身份验证
为什么要使用双因素身份验证与任何身份验证机制一样,2FA 依赖于验证用户身份的因素。通常有三个因素:你知道什么、你拥有什么和你是谁。 你是谁.
Most 2FA services only rely on what you know to verify your identity. With this factor, there’s a risk in that somebody else might also know what you know. For instance, the name of your pet. The second factor, what you have, provides some degree of security as a smaller number of people can exactly possess what you have. For instance, your SIM card or a key. The third factor, who you are, provides an increased level of security due to uniqueness. For example, your fingerprints, facial and voice are unique to you.
两个或所有因素的组合可通过身份验证实现终极安全。这些组合被称为双因素身份验证,是多因素身份验证的一个子集。
常用的双因素身份验证方法
短信
这是最常见的 2FA 方法,它依赖于你所拥有的因素。在这种情况下,用户必须拥有 SIM 卡才能接收短信。这是一种常见的方法,因为它适用于所有使用 SIM 卡的手机。由于每个人都买得起手机,而且手机总是放在身边,这使得短信成为最方便的 2FA 方法。
风险
If you lose your SIM card, you won’t be able to access the message, and hence access to your account will be denied. Also, if someone manages to replace or clone your SIM card, your account will be at risk. There’s also the risk of man-in-the-middle attacks; these attacks can intercept the message and attackers can then use it to verify your identity.
验证器应用程序
这是第二种常用方法,它也依赖于你所拥有的设备。这种方法不使用短信,而是使用验证器应用程序。在使用通过应用程序设置的 2FA 服务时,应用程序会生成一个随机代码,您在登录账户时将使用该代码。
风险
This method has a few risks. For instance, if someone has access to your phone or can screen grab the generated codes, he/she can then log into your account. But if your device is adequately secured, this is unlikely to occur. The most common risk is that most authenticator apps require you to save some codes which you can use in case you lose your device. Where you back up those codes is all that matters. A safe place means no security risks.
硬件按键
这是最新的2FA 方法,也是最不常用的方法。与其他方法一样,它依赖于你所拥有的东西。在这种方法中,你需要有一个硬件密钥。这种密钥看起来像 U 盘,但里面有芯片。硬件密钥还应符合 FIDO U2F 标准。
风险
When implemented correctly, this method has no risks; it even eliminates phishing attacks. The only problem with this method is that the hardware keys are limited to a few services such as Google and Facebook, you also need to buy the key, which can be expensive.
最佳 2FA 方法
就安全性而言,硬件钥匙方法是最好的。但由于其局限性,使用起来并不方便。另一方面,短信可以被拦截,而且运营商也知道你的短信内容。这使得 验证程序成为最佳选择,因为它们能提供所需的安全性和便利性。
