How 2FA security bolsters user authentication

IT pros can limit their exposure by solidifying user authentication. One popular option is to implement two-factor authentication, or 2FA, security on logins.

A growing number of businesses are reinforcing their network access points by requiring users to participate in a second factor of authentication. It's quicker than it sounds and it's likely worth the extra effort for most companies.

In the beginning, there was one factor of authentication. Users would log into their various accounts by simply entering their usernames and passwords. But password-only systems have long proven fallible. Users get sloppy and leave their accounts exposed. Hackers grow more sophisticated. Systems get compromised.

Enter two-factor authentication (2FA). Known also as multifactor authentication, 2FA requires two different means of verifying a user's identity when logging into a secure account. Think of two-factor authentication as having a second, different kind of lock on your door. If an intruder can get through one deterrent, there's still another waiting after it. That second factor of security is enough to foil your average cybercriminal.

To access your account, you must provide two keys or credentials, preferably two of the following types:

  • Something you know, such as a password, pattern or personal identification number (PIN).
  • Something you have, such as a key fob, RSA token or code sent via an SMS text.
  • Something you are, such as a fingerprint, iris scan, voiceprint or even your face.

You'll find plenty of examples of 2FA security already in action. When you go to an ATM and insert your bank card, you must then punch in a passcode. You have the card and you know the code. It's the same thing when you slide your credit card at the gas pump and then enter your ZIP code. You might have even used an RSA token and PIN to log into your company's network.

User authentication security comes in many forms, although one-time passwords have become a particularly popular form of two-factor authentication when paired with a regular account password. One-time passwords are essentially a token accessible only through a designated device already in your possession. Often the token is delivered to your smartphone in the form of a four-, five- or six-digit PIN, either within an SMS text message or through an app such as Google Authenticator. To log in, you need the regular password and the PIN.

When 2FA security is enabled, hackers have a more difficult time breaking into an account -- even if they get their hands on the username and password. The additional validation method adds a second layer of user authentication security, which can significantly reduce the risk of an account being compromised, an important consideration when trying to protect sensitive company data.

Although 2FA is more work for the user logging on to corporate or consumer systems, the boost in security far outweighs any inconvenience. Organizations can feel more confident in the services that employees are using when those services employ the extra validation step.

This was last published in December 2014

Has your company considered two-factor authentication as a way to boost security?
Definitely. With hacking at an all-time high -- and the recent Sony fiasco -- we know how harmful a security breach can be. It's important to invest in two-factor authentication to ensure all sensitive materials and information stay that way. In the long run, you save money and you get peace of mind knowing that your business is protected.
I have worked at multiple companies, and only the smallest of them a decade ago didn't have the need for multifactor authentication.

Because it actually works.
The two-factor authentication, though not a silver bullet, could be reliable when it comes with a reliable password. 2 is larger than 1 on paper, but two weak boys in the real world may well be far weaker than a toughened guy. Physical tokens and phones are easily lost, stolen and abused. Then the password would be the last resort. It should be strongly emphasized that a truly reliable 2-factor solution needed for important accounts requires the use of the most reliable password.

Using a strong password does help a lot even against the attack of cracking the leaked/stolen hashed passwords back to the original passwords. The problem is that few of us can firmly remember many such strong passwords. It is like we cannot run as fast and far as horses however strongly urged we may be. We are not built like horses.

At the root of the password headache is the cognitive phenomenon called “interference of memory”, by which we cannot firmly remember more than 5 text passwords on average. What worries us is not the password, but the textual password. The textual memory is only a small part of what we remember. We could think of making use of the larger part of our memory that is less subject to interference of memory. More attention could be paid to the efforts of expanding the password system to include images, particularly KNOWN images, as well as conventional texts.

By the way, some people shout that the password is dead or should be killed dead. The password could be killed only when there is an alternative to the password. Something belonging to the password (PIN, passphrase, etc.) and something dependent on the password (ID federations, 2/multi-factor, etc.) cannot be the alternative to the password. Neither can be something that has to be used together with the password (biometrics, auto-login, etc.). What could be killed is the text password, not the password.

This is another common sense discussion on how using 2FA can (and likely will) keep your systems and technology assets safe. I agree that any process might have its drawbacks or holes, but this is one of the best solutions we have right now without going full James Bond on everything from accessing a browser to opening a facility door.