What is Two-factor Authentication (2FA)
2FA is one element of multi-factor authentication (MFA), which verifies a user’s identity through biometric (fingerprints, face ID) and contextual (email verification link, IP address) factors to secure access to sensitive information. 2FA is the foundation of MFA. Chances are you’ve already been using it or use it every day without realizing it.
2FA confirms your identity to ensure you have a right to access the resources you are requesting. It’s been around for ages, even before the web.
The pertinent information on a credit card is the credit card number. That’s what’s used to make a purchase or pay a bill. But even before online shopping, 2FA existed to use a credit card. Today you typically provide the name, zip code, security code, and expiration date to use your credit card online. In person, the original 2FA, meant showing the card itself. Now chip readers and stripe swipers are also used.
Debit cards and ATMs
Have you ever used a debit card at an ATM or a payment without having to enter a personal identification number (PIN)? PINs are 2FA, where they are the second form of identification to make sure the user is authorized.
Do you have websites, mainly financial or healthcare-related, that require a code to be sent to your phone or email to verify that you are the authorized user? These may need you to confirm your identity or enter a code, and this represents a second form of verification – two-factor authentication.
Whether in person, on the phone, or online, have you ever been asked to provide the last four digits of your social security number? Yep, that’s 2FA.
2FA is a secondary means to verify and authenticate your identity. We’ve all incorporated it into much of our everyday lives. It’s a simple step that can provide additional protection against identity theft or security breaches. And it’s easy to add to existing logins.
What are the types of 2fa?
Different identity providers offer different opportunities for 2FA. Additionally, vault or password managers also offer a variety of ways to incorporate this extra step. They can include:
Tokens are questions or information, in addition to your username and password, used to identify who you are. These can be PINs, pre-set answers to questions, or a combination of numbers, such as your birthdate and last four digits of your social security number.
These are physical, tangible elements used to verify that you have authorized access. These can include physical credit or debit cards, scanning devices, or even a USB device – e.g. YubiKey. They can also be follow-ups such as text codes or push notifications that you engage with to verify your identity.
These are more specific, stronger, and often the easiest to implement. They include things like face identification, voice activation, or fingerprint scans.