Everything you need to know about two-factor authentication on a website | Sailet

Looking for ways to secure your online accounts? In addition to a strong password, HTTPS connections and end-to-end encryption, you should also use two-factor authentication (2FA). The idea is not new: in 1998 AT&T was granted a patent on «an automated method for notifying a client that a transaction has been authorized based on confirmation by the client.»

What do 2FA and MFA mean? Two-factor authentication (2FA) is a verification process in which the user must present two independent factors to access an account or sensitive information. Multi-factor authentication (MFA) is the general term for requiring two or more factors; 2FA is simply the case where exactly two are used.

Today 2FA is the more common of the two and is recommended for every online account in order to reduce the risk of unauthorized access. There is even a dedicated website, https://twofactorauth.org/, that lists which services support 2FA and which authentication methods each of them offers.

What is a factor?
A factor is a category of evidence used to prove who you are: something you know (a password), something you have (a phone, an authenticator app or a hardware token) or something you are (biometrics). Two codes delivered to the same phone are still one factor. The most common methods are listed below:

  • Username and password. The knowledge factor we use every day: you enter your credentials to access your account. On its own it is a single factor, so a leaked or phished password is enough to log in.
  • SMS code. A one-time code, typically six digits, sent to your phone number by text message. It proves possession of the phone number, not of the phone itself.
  • Authenticator apps. These work like an SMS code: the app generates a one-time six-digit code, but instead of receiving it by text message you read it from the app. The code is derived from a secret shared with the service during setup (usually by scanning a QR code) and from the current time, so the app needs no network connection and nothing is sent over the air that could be intercepted. You can use one of the many authenticator apps available for your phone, such as Google Authenticator.
  • Hardware token. A separate device that generates a six-digit one-time password from a secret stored inside it; you enter the code exactly as you would a text-message or app-generated one. (Newer security keys, such as FIDO2/U2F keys, instead sign a challenge from the site directly and are resistant to phishing.) The added benefit of a hardware token is that it is a dedicated device you can carry with you, and its secret cannot be copied out of it the way an app secret can be copied from a compromised phone.
  • Biometric data. Fingerprints, voice recognition or a retinal scan used to confirm a login. This factor is hard to bypass because it is based on unique biological characteristics, which is one of the key reasons biometrics are becoming more popular as an authentication factor. Keep in mind, though, that unlike a password a fingerprint cannot be changed if the stored template is ever leaked.
  • Geolocation. This factor is tied to your location, which is usually inferred from your IP address. Some services record where you normally log in from and flag attempts from unexpected places. For example, you live in Russia but someone tries to sign in to your account from China: the service will notify you of the attempt and may ask you to confirm the new location. Strictly speaking this is a risk signal rather than a factor in its own right (an IP address is easy to change with a VPN), but it helps detect unauthorized access at an early stage.

Why should you use two-factor authentication? The main reason to use 2FA or MFA is the extra layer of security. That does not mean that adding 2FA eliminates every risk of your account being hacked, but it does make the account a far less attractive target.

This is because an attacker needs to get past not only your password but your second factor as well. To do that, they have to phish you, infect your device with malware or abuse the account-recovery process, then reset your password, and only then attempt to disable 2FA. That is extra work attackers generally do not want to do for an individual account.

Is 2FA really as secure as it seems?

Despite the best intentions to protect online accounts, hackers are becoming more resourceful and keep finding new ways to bypass 2FA, and no method is safe forever: each one is secure only until the first successful bypass. SMS authentication is the most vulnerable: codes can be phished by text message (smishing), and with a SIM-swap attack on the mobile carrier the victim loses control of the phone number itself, so the codes are delivered straight to the attacker. Even so, SMS is much more secure than having no second factor at all, and it is worth enabling when no other option is offered.

How to improve the security of your online account?

  1. Passwords are the first line of defense for your account, so do your best to keep them strong. If necessary, replace weak ones with long random passwords from a password generator (most password managers have one built in).
  2. Keep passwords in a safe place. Sticky notes or an Excel file on your computer are not a recommended way to store passwords. Use a password manager, or an encrypted store on a separate device (a flash drive or external hard drive).
  3. Enable 2FA on every account that supports it. The option is usually found in the «Security» section of the account settings; where the service offers a choice, prefer an authenticator app or hardware token over SMS.
  4. Be careful. Hackers are constantly learning and applying new tactics that are more sophisticated than ever.