5 methods of two-factor authentication, their advantages and disadvantages
Anonim

More and more people are thinking about using two-factor authentication to reliably protect their data on the Web. Many are stopped by the complexity and incomprehensibility of the technology, which is not surprising, because there are several options for its implementation. We'll go over all of them, sorting out the advantages and disadvantages of each.

Two-factor authentication relies not only on the traditional login-and-password pair but also on an additional layer of protection, the so-called second factor, possession of which must be confirmed in order to gain access to an account or other data.

The simplest example of two-factor authentication, one that each of us encounters constantly, is withdrawing cash from an ATM. To receive money, you need a card that only you have and a PIN that only you know. An attacker who obtains your card cannot withdraw cash without knowing the PIN, and likewise cannot get the money by knowing the PIN without having the card.

The same principle of two-factor authentication is used to access your social media accounts, email and other services. The first factor is the combination of login and password, and the following 5 things can act as the second.

SMS codes

Verification using SMS codes is very simple. You enter your username and password as usual, after which an SMS arrives at your phone number with a code that must be entered to log in to your account. That's all. At the next login, another SMS code is sent, which is valid only for the current session.

Advantages

  • A new code is generated at each login. If attackers intercept your username and password, they will not be able to do anything without the code.
  • Binding to a phone number. Login is not possible without your phone.

Disadvantages

  • If there is no cellular signal, you will not be able to log in.
  • There is a theoretical possibility of the number being changed through the operator's service or by employees of mobile phone shops.
  • If you log in and receive codes on the same device (for example, a smartphone), then the protection ceases to be two-factor.

Authenticator applications

This option is in many ways similar to the previous one, the only difference being that, instead of arriving via SMS, the codes are generated on the device by a special application. During setup, you receive a primary key (most often in the form of a QR code), from which one-time passwords with a validity period of 30 to 60 seconds are generated using cryptographic algorithms. Even if we assume that attackers manage to intercept 10, 100, or even 1,000 passwords, it is simply impossible to use them to predict what the next password will be.

Advantages

  • The authenticator does not need a cellular signal; an Internet connection is enough during the initial setup.
  • Support for multiple accounts in one authenticator.

Disadvantages

  • If attackers gain access to the primary key on your device or by hacking the server, they can generate future passwords.
  • When using an authenticator on the same device from which you are logging in, the two-factor protection is lost.

Login verification using mobile apps

This type of authentication can be called a hodgepodge of all the previous ones. In this case, instead of being asked for codes or one-time passwords, you confirm the login from your mobile device, on which the service's application is installed. A private key is stored on the device and is verified every time you log in. This works for Twitter, Snapchat and various online games. For example, when you log in to your Twitter account in the web version, you enter your username and password, then a notification with a login request arrives on your smartphone, and once you confirm it your feed opens in the browser.

Advantages

  • You don't need to enter anything when you log in.
  • No dependence on a cellular signal.
  • Support for multiple accounts in one application.

Disadvantages

  • If attackers intercept the private key, they can impersonate you.
  • The point of two-factor authentication is lost when you confirm the login on the same device you are logging in from.

Hardware Tokens

Physical (or hardware) tokens are the most secure two-factor authentication method. As separate devices, hardware tokens, unlike all the methods listed above, will not lose their two-factor component under any circumstances. Most often they take the form of USB dongles with their own processor that generates cryptographic keys, which are entered automatically when the dongle is connected to a computer. The choice of key depends on the specific service. Google, for example, uses FIDO U2F tokens, prices for which start at $6 excluding shipping.

Advantages

  • No SMS or apps.
  • No need for a mobile device.
  • It is a completely independent device.

Disadvantages

  • Must be purchased separately.
  • Not supported in all services.
  • When using multiple accounts, you will have to carry a whole bunch of tokens.

Backup keys

In fact, this is not a separate method but a backup option in case of loss or theft of the smartphone that receives one-time passwords or confirmation codes. When you set up two-factor authentication in each service, you are given several backup keys for emergency use. With their help, you can log in to your account, unlink the configured devices and add new ones. Keep these keys in a safe place, not as a screenshot on your smartphone or a text file on your computer.

As you can see, there are some nuances in using two-factor authentication, but they seem complicated only at first glance. What the ideal balance of protection and convenience should be, everyone decides for himself. But in any case, all the trouble is more than justified when it comes to the security of payment data or personal information that is not intended for prying eyes.

Where you can and should enable two-factor authentication, as well as what services support it, you can read.
