Recall the ‘Authentication’ post? Now we deal with two-factor authentication, which is an extension of that post. Authentication in the information security realm is the process of identifying yourself to the system. The most popular way of authentication is the classic ‘username-password’ combination. This is one aspect of information security that touches us all the time. From email logins to social media logins, we may have to enter and re-enter our passwords every day. We thereby implement the concept of authentication all the time in our lives! Now let us see what ‘two factor authentication’ is and what role it plays…
Two-factor authentication:
Do you think the common username and password is totally safe? Is your account totally hack-proof with just a password? Nope – think again… the common username-password combination might be easily cracked by a determined hacker.
Two factor authentication is an additional layer of security for your account. In addition to the username and password combination, one way of establishing two factor authentication is to enter a code that is sent to the user’s phone via an SMS or a voice call. Some other ways of performing two factor authentication are tokens, RFID cards and smartphone apps.
Example of two-factor authentication:
Facebook two factor authentication:
- You will enter your username
- You will enter your password
- You will additionally be asked to enter a code sent to the phone (assuming you have chosen text messages as your two factor authentication)
- Once you enter the correct password and code, you will be logged in successfully
Example of Google two factor authentication or Google two step authentication can be found here
Now if the hacker intends to hack your account, he has to pass through two layers of security. He has to crack the username/password combination first and then figure out the code that is sent to the phone. Two factor authentication might not be the magic bullet to prevent attacks on any account, but since it involves more work, it might stop the hacker from getting into your account. This is the concept of ‘two factor authentication’.
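The two checks described above, sketched as server-side logic. This is an added example, not code from the original post or from Facebook or Google; the class and method names, the 5-minute code lifetime, the 3-attempt limit and the send_code callback (a stand-in for an SMS gateway) are all assumptions.

```python
import hashlib, hmac, os, secrets, time

CODE_TTL = 300      # seconds a code stays valid (assumed policy)
MAX_ATTEMPTS = 3    # wrong guesses allowed before the code is discarded (assumed)

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class TwoFactorLogin:
    """Hypothetical login service: password first, then a code sent to the phone."""
    def __init__(self, send_code, clock=time.time):
        self.users = {}      # username -> (salt, password hash)
        self.pending = {}    # username -> [code, expires_at, attempts_left]
        self.send_code = send_code   # stand-in for an SMS gateway
        self.clock = clock

    def register(self, username, password):
        salt = os.urandom(16)
        self.users[username] = (salt, hash_password(password, salt))

    def check_password(self, username, password):
        """Layer 1: on success, send a fresh 6-digit code to the user's phone."""
        salt, stored = self.users.get(username, (b"\0" * 16, b""))
        if not hmac.compare_digest(hash_password(password, salt), stored):
            return False
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[username] = [code, self.clock() + CODE_TTL, MAX_ATTEMPTS]
        self.send_code(username, code)
        return True

    def check_code(self, username, submitted):
        """Layer 2: the code must be unexpired, unused and an exact match."""
        entry = self.pending.get(username)
        if entry is None:
            return False             # no password check has succeeded yet
        code, expires_at, _ = entry
        if self.clock() > expires_at:
            del self.pending[username]
            return False
        if hmac.compare_digest(code.encode(), submitted.encode()):
            del self.pending[username]   # single use: the code cannot be replayed
            return True
        entry[2] -= 1
        if entry[2] <= 0:
            del self.pending[username]   # too many wrong guesses, code is void
        return False
```

The login succeeds only when check_password and then check_code both return True; the expiry, single-use and attempt limit are what keep a six-digit code from being guessed or reused.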
Another bit of trivia related to passwords: Did you know the most common passwords all across the world were “123456”, “123456789”, “qwerty”, “password” and “1111111”? If you have any of these passwords for any of your accounts please do change them as you run a high risk of getting hacked! 🙂
Yes, that gives added security to the account.
Yes! 🙂
I have always wondered why this headache of captcha code or OTP. Now I’m clear about its need.
🙂 🙂
Well, although there are 100’s of other ways that hackers can design to crack your password, I feel a lot of people who do not enable the 2-factor authentication process of logging in are at a higher risk of being phished or hacked. Good post, Jayanthi!
Such an interesting read. Thank you for sharing it.