ANS Blog

2-factor authentication (2FA) reduces account compromise

March 06, 2018 in 2-Factor Authentication

In the world of IT, authentication is the process of verifying that an individual is who he or she claims to be. It can be based on information like a username and password, an ATM card and PIN, a device that can generate or receive a code used to log in, or a biometric like a fingerprint that can be scanned. Authentication is a key requirement if you want to carry out a transaction online, but like all other credentials we use, it’s susceptible to being compromised.

Single vs. 2-Factor Authentication

Authentication can be single-factor, where a user enters a username and password. It can also be two-factor (2FA), where a user logs in with a username and password and then enters a one-time passcode received on another electronic device, like a mobile phone. Authentication can also be multi-factor (MFA), which requires two-factor authentication plus another factor like a voice or fingerprint. A risk-based multi-factor authentication system requires MFA dynamically, based on a set of risk-based rules (such as what device you are trying to log in from).

The traditional, and not so secure, way to log into an account, like Netflix.com, is single-factor authentication. Most people like to use their email address and a familiar password so they can remember it. Enter these two pieces of information and you’re in and able to use your account. Unfortunately, if you’re one of the 54% of consumers who use five or fewer passwords for all of their accounts, you could create a “domino effect” that allows a hacker into any number of different accounts (most containing a lot of personal information), just by cracking ONE password! That’s where two-factor or multi-factor authentication comes in, both of which offer better protection.

Even though two-factor authentication requires an extra step in the login process, most commercial sites offer the option and make it a relatively easy process. In fact, you may already be using it with your online banking or favorite shopping site and not realize it. In a typical 2FA experience, you log into a website, the site sends a numeric code to your mobile phone, and you enter that code into the site to access your account.

Increased Security

2FA adds an additional layer of security, making it harder for someone to impersonate you online. So, in the example I gave above, someone would need to steal both your password and your phone to compromise your account. If your mobile phone is locked (which it should be), they would also need your phone PIN, swipe pattern, or fingerprint to unlock it, rendering the stolen phone even less useful.

Unfortunately, there is no safe practice or product available that can guarantee you’ll never experience online, or any other type of, fraud. But using 2FA can help significantly reduce the chances you’ll end up a victim. 2FA should be used whenever possible, especially when it comes to your most sensitive data, like your primary email, your financial accounts, and your health records. Some sites require you to use 2FA, and many others offer it as an extra option that you can turn on, but you have to take the initiative to do it. You can look here to find a list of websites that offer 2FA, and here for step-by-step instructions on enabling it for your accounts on sites that do offer it.