What is Two-Factor Authentication?
Two-factor authentication or 2FA is the authentication process where two of the three possible factors of authentication are combined.
The possible factors of authentication are:
- something the user knows (e.g. a password, a personal identification number (PIN code), or the answer to a secret question)
- something the user has (e.g. a token, a mobile phone, a USB device, a key fob)
- something the user is (e.g. face or voice recognition, behavioral biometrics, fingerprint, retina or iris scan)
In internet security, the most used factors of authentication are: something the user has (e.g. a bank card) and something the user knows (e.g. a PIN code). This is two-factor authentication. Two-factor authentication is also sometimes referred to as strong authentication, Two-Step Verification or 2FA.
The key difference between Multi-Factor Authentication (MFA) and Two-Factor Authentication (2FA) is that, as the term implies, Two-Factor Authentication uses a combination of two of the three possible authentication factors, while Multi-Factor Authentication can use two or more of these factors.
How does Two-Factor Authentication work?
When you sign into your account, you will be prompted to authenticate with your user name and password. This becomes your first authentication factor.
For the second factor of authentication, you can use a One-Time Passcode or One-Time Password (OTP) token, a text message with a verification code sent to your personal phone number on a mobile device (e.g. iPhone, Samsung, Google Pixel), a specialized authenticator smartphone app like Google Authenticator (iOS and Android), or a USB device or key fob (i.e. something you have). When combined with your user name and password, the result is a stronger and more resilient extra layer of security.
Taking this extra step in the authentication process not only frustrates hackers, but also reduces your risk of becoming a victim of phishing attacks, fraud and identity theft.
Why do I need Two-Factor Authentication?
Because single authentication methods like passwords alone are simply not enough to stop today’s sophisticated attacks.
Two-factor authentication provides a secondary layer of security that makes it more difficult for hackers to access a person’s devices and online accounts to steal personal information. With two-factor authentication enabled, even if the hacker knows his victim’s password, the authentication will still fail and prevent unauthorized access.
Two-factor authentication also provides organizations with an additional level of access control to sensitive systems and online data and accounts, protecting that data from being compromised by hackers armed with stolen user passwords.
An obvious and common threat to consumers is a hacker obtaining credit cards in the victim's name and significantly damaging the victim's credit rating. This can be devastating, as a credit rating is used in determining the most significant lifestyle purchases, such as a car, a mortgage or a business loan.
In sum, two-factor authentication can help to reduce your risk of exposure if/when your password is stolen or your email account has been compromised.
Where can I use Two-Factor Authentication?
You should use two-factor authentication for all of the following:
- Online banking
- Online shopping (Amazon, PayPal, Google Play)
- Email (Gmail, Microsoft, Yahoo, Outlook)
- Cloud storage accounts (Apple, Dropbox, Box)
- Accounts on social media networks (Facebook, Instagram, LinkedIn, Tumblr, Twitter, Snapchat)
- Productivity apps (Evernote, Trello)
- Password managers (LastPass)
- Communication apps (MailChimp, Skype, Slack)
How do I get started?
OneSpan’s two-factor authentication uses one-time password technology to secure user login and ensure only authenticated users gain access. OneSpan offers a complete range of authentication solutions, including: