Updated: May 16
What are Two Step authentication factors?
There are several different ways in which someone can be authenticated using more than one authentication method.
Currently, most authentication methods rely on knowledge factors, such as a traditional password, while two-factor authentication methods add either a possession factor or an inherence factor.
It’s easier than you think for someone to steal your password
Any of these common actions could put you at risk of having your password stolen:
Using the same password on more than one site
Downloading software from the Internet
Clicking on links in email messages
A knowledge factor is something the user knows, such as a password, a PIN (personal identification number) or some other type of shared secret.
A possession factor is something the user has, such as an ID card, a security token, a cellphone, a mobile device or a smartphone app, to approve authentication requests.
An inherence factor, more commonly called a biometric factor, is something inherent in the user’s physical self. These may be personal attributes mapped from physical characteristics, such as fingerprints authenticated through a fingerprint reader.
Other commonly used inherence factors include facial and voice recognition. They also include behavioral biometrics, such as keystroke dynamics, gait or speech patterns.
A location factor is usually denoted by the location from which an authentication attempt is being made. It can be enforced by limiting authentication attempts to specific devices in a particular location or, more commonly, by tracking the geographic source of an authentication attempt based on the source Internet Protocol (IP) address or other geolocation information, such as Global Positioning System (GPS) data from the user’s mobile phone or other device.
A time factor restricts user authentication to a specific time window in which logging on is permitted and restricts access to the system outside of that window.
It should be noted that the vast majority of two-factor authentication methods rely on the first three factors (knowledge, possession and inherence). Systems requiring greater security may draw on all five to implement multifactor authentication (MFA), which requires two or more independent credentials for more secure authentication.
What is two-factor authentication?
Two-factor authentication (2FA) is a form of MFA. Technically, it is in use any time two authentication factors are required to gain access to a system or service. However, using two factors from the same category doesn’t constitute 2FA; for example, requiring a password and a shared secret is still single-factor authentication (SFA), because both belong to the same factor type: knowledge.
As far as SFA methods go, user ID and password are not the most secure. One problem with password-based authentication is that it requires knowledge and diligence to create and remember strong passwords.
Passwords require protection from many inside threats, like carelessly stored sticky notes with login credentials, old hard drives and social engineering exploits. Passwords are also prey to external threats, such as hackers using brute-force, dictionary or rainbow table attacks.
Given enough time and resources, an attacker can usually breach password-based security systems and steal corporate data, including users’ personal information.
Passwords have remained the most common form of SFA because of their low cost, ease of implementation and familiarity. Multiple challenge-response questions can provide more security, depending on how they are implemented, and stand-alone biometric verification methods can also provide a more secure method of SFA.
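To make the factor categories concrete, here is an added example (not code from the original page or from any product it describes) of a two-step check: the knowledge factor is a password stored as a salted, iterated PBKDF2 hash, which is what takes rainbow tables and cheap brute-force off the table, and the possession factor is a time-based one-time code (TOTP, RFC 6238, built on HOTP, RFC 4226) of the kind a smartphone app generates from a seed shared at enrolment. The user record, the iteration count, the clock-drift window and the demo password are assumptions chosen for illustration; the 20-byte seed `12345678901234567890` is the published RFC test-vector secret, used here only so the codes can be checked against a known answer.

```python
import hashlib
import hmac
import os
import struct
import time
from typing import Optional

# Assumed work factor for the knowledge-factor hash; tune to your hardware.
PBKDF2_ITERATIONS = 200_000

# RFC 4226 / RFC 6238 test-vector seed, used here only to make the demo checkable.
DEMO_TOTP_SEED = b"12345678901234567890"


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, iterated hash for the knowledge factor. A per-user salt makes
    precomputed rainbow tables useless; the iteration count slows down
    brute-force and dictionary attacks against a stolen hash."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter,
    then dynamic truncation to `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP with the counter derived from Unix time."""
    return hotp(secret, at_time // step, digits)


def verify_totp(secret: bytes, code: str, at_time: int,
                step: int = 30, window: int = 1) -> bool:
    """Possession-factor check. Accepts the current code and `window` steps on
    either side to tolerate clock drift between phone and server. The comparison
    is constant-time so the check does not leak how many digits matched."""
    counter = at_time // step
    return any(
        hmac.compare_digest(hotp(secret, counter + delta, len(code)), code)
        for delta in range(-window, window + 1)
    )


def make_user(password: str, totp_seed: bytes) -> dict:
    """Enrolment: store only the salt and the password hash, plus the seed that
    was provisioned to the user's phone app (in practice, in a database)."""
    salt = os.urandom(16)
    return {"salt": salt, "pw_hash": hash_password(password, salt), "totp_seed": totp_seed}


def authenticate(user: dict, password: str, code: str,
                 at_time: Optional[int] = None) -> bool:
    """Two-step login: the password (knowledge) AND a one-time code from the
    user's device (possession) must both be right. Both checks always run, so a
    wrong password is not distinguishable from a wrong code by response time."""
    if at_time is None:
        at_time = int(time.time())
    password_ok = hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"])
    code_ok = verify_totp(user["totp_seed"], code, at_time)
    return password_ok and code_ok


if __name__ == "__main__":
    # Constructed demo: enrol a user, then try the login with and without the second factor.
    alice = make_user("correct horse battery staple", DEMO_TOTP_SEED)
    now = int(time.time())
    phone_code = totp(DEMO_TOTP_SEED, now)   # what the authenticator app would display
    print("password + code:", authenticate(alice, "correct horse battery staple", phone_code, now))
    print("password only:  ", authenticate(alice, "correct horse battery staple", "000000", now))
```

The one-time code changes every 30 seconds and is derived from a secret that never leaves the phone and the server, which is why a password captured by any of the means listed above is not enough on its own. A password plus a security question would both be knowledge factors and would add nothing against an attacker who has already obtained the user's secrets.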
Imagine losing access to your account and everything in it
When a bad guy steals your password, they could lock you out of your account, and then do some of the following:
Go through – or even delete – all of your emails, contacts, photos, etc.
Pretend to be you and send unwanted or harmful emails to your contacts
Use your account to reset the passwords for your other accounts (banking, shopping, etc.)
Keep sign-in simple:
During sign-in, you can choose not to use 2-Step Verification again on that particular computer. From then on, that computer will only ask for your password when you sign in.
You’ll still be covered, because when you or anyone else tries to sign in to your account from another computer, 2-Step Verification will be required.
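The "don't ask again on this computer" behaviour described above can be implemented with a signed, expiring device token that the server sets as a cookie after a successful two-step sign-in. The following is an added example (not the original page's code, and not the implementation of any particular provider) of issuing and checking such a token: the user identifier, an expiry timestamp and a random nonce are bound together with an HMAC under a server-side key, so a browser cannot forge a token or extend its lifetime. The key value, the 30-day lifetime and the token layout are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Assumed server-side key; in production this is loaded from a secret store,
# rotated, and never hard-coded as it is in this demo.
SERVER_KEY = b"constructed-demo-key-do-not-use-in-production"

DEFAULT_TTL_SECONDS = 30 * 24 * 3600   # assumed: trusted device expires after 30 days


def issue_device_token(user_id: str, issued_at: int,
                       ttl_seconds: int = DEFAULT_TTL_SECONDS,
                       key: bytes = SERVER_KEY) -> str:
    """Create the trusted-device token after a full two-step sign-in.
    Layout (assumed): user:expiry:nonce:mac, where mac = HMAC-SHA256(key, user:expiry:nonce)."""
    expires = issued_at + ttl_seconds
    nonce = secrets.token_hex(8)            # makes every issued token unique
    payload = f"{user_id}:{expires}:{nonce}"
    mac = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}:{mac}"


def device_is_trusted(token: Optional[str], user_id: str, now: int,
                      key: bytes = SERVER_KEY) -> bool:
    """True only if the token is intact, was issued for this user and has not expired.
    The MAC is checked first and in constant time, so a tampered expiry or user
    field is rejected before it is even parsed."""
    if not token:
        return False
    parts = token.rsplit(":", 3)            # rsplit so a user id may itself contain ':'
    if len(parts) != 4:
        return False
    tok_user, expires, nonce, mac = parts
    payload = f"{tok_user}:{expires}:{nonce}"
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, mac):
        return False
    if not expires.isdigit():
        return False
    return tok_user == user_id and now < int(expires)


def second_step_required(token: Optional[str], user_id: str, now: int) -> bool:
    """Sign-in policy: a trusted device only needs the password; any other
    computer (no token, another user's token, expired or tampered token)
    must complete 2-Step Verification again."""
    return not device_is_trusted(token, user_id, now)


if __name__ == "__main__":
    # Constructed demo: the token is minted at t=1000 and presented later.
    tok = issue_device_token("alice", issued_at=1_000)
    print("same computer, next day:     ask for code?", second_step_required(tok, "alice", 1_000 + 86_400))
    print("same computer, after 30 days: ask for code?", second_step_required(tok, "alice", 1_000 + DEFAULT_TTL_SECONDS + 1))
    print("another computer (no token):  ask for code?", second_step_required(None, "alice", 2_000))
```

Store the token in a cookie flagged `Secure` and `HttpOnly` so it only travels over TLS and is out of reach of page scripts, and clear it on sign-out or password change; anyone trying from a computer that never completed the second step simply has no valid token and is asked for the code.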
An extra layer of security:
Most people only have one layer – their password – to protect their account. With 2-Step Verification, if a bad guy hacks through your password layer, he’ll still need your phone or Security Key to get into your account.