While organizations continue to devise more robust defenses, ordinary users have for years relied on name-and-password authentication for various services. The more careful ones have since added, at least for some services, multi-step verification, also called two-step (two-factor, if you like) authentication.
It allows you to securely log in to a website or application by providing two or more pieces of evidence (factors) to prove your identity during authentication: knowledge (something only the user knows), ownership (something only the user has), or characteristic (something that only that user is). Multi-step verification protects users from digital identity theft (personal data, money or other assets). Google, Facebook, Steam, online banking, e-mail boxes, password managers and others support two-step user login, for example. The number of services and devices that offer two-step verification is increasing very quickly, which is good.
So two-factor authentication creates an additional layer of defense, requiring users to use a text message, biometrics (fingerprint, face, retina), app, or dongle to confirm that they’re actually trying to sign in to their account. This can help prevent cybercriminals from logging into online accounts with compromised or stolen passwords.
Whether to activate this additional security element is quite often left up to the user, but in the future everything may be different. For example, companies may make it mandatory, which some already do. It is already standard in banking. This makes things difficult for hackers: even if they get the login name and password, they simply won't be able to access online banking without a second verification. Two-factor authentication controls thus ensure safety.
The best way to do multi-factor authentication
There are several methods of two-factor authentication. In addition to the option of sending a special code to an e-mail address, sending an SMS containing a security code to a phone number is also widely used. However, both of these methods are considered to be less secure and already obsolete. Attackers can redirect both e-mail and text messages. Therefore, the best possible option today is considered to be an application on a smartphone. Almost everyone has this device at hand today, and access is granted either by simply confirming a notification or by using a specially displayed code that is copied into the service being accessed.
Notifications and confirmations are handled by the applications of the companies you log in to (typically online banking, digital state identities and the like), which should therefore be the most secure form. For codes that are copied over, however, it is not necessary to have a different authentication application for every service. If the service operator allows it, a single application can be used.
How authentication applications work
The applications work by generating one-time access codes based on the current time (TOTP or OTP), which are usually six digits long and are usually renewed every thirty seconds. Once multi-factor authentication is set up, every time the user wants to log in to the selected service or even a device (for example, it can be used for a NAS, i.e. data storage), they have to copy the code from the application into the login form, and are then logged in to the service. The time limit is used so that a thief who eventually manages to obtain the access data (name and password) cannot guess the access code (it is almost impossible to bypass it in those few seconds). Let's just add that the codes are generated based on different algorithms.
Since services usually use solutions based on the same standard, they can be combined into one application. This is a huge advantage and makes it unnecessary to use several of them. So you just need to download one application, install it and add the individual services you use. This is done by opening each individual service that has two-factor authentication support implemented through the application. Most of the time, this setting is somewhere in the security section. For example, in the case of Facebook, just go to this page, confirm your identity with your password and click Manage > Add new application in the Authentication application section. A QR code and a text code will be displayed. Then just open the application on your smartphone, click on the option to add a new account, and scan the QR code with the camera or type in the text code. Finally, enter the confirmation code displayed in the application into the service and that's it.
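As an added illustration (not code from any of the services or applications mentioned), this Python example shows how the six-digit, thirty-second codes described above are derived from the text code displayed next to the QR code, and how a service can check a submitted code. It assumes the widely used RFC 6238 scheme with HMAC-SHA-1; the secret is the RFC's published test key, and verify(), with its clock-drift window and replay check, is a hypothetical server-side helper.

```python
import base64
import hmac
import struct

# Constructed sample: Base32 of the RFC 6238 test key "12345678901234567890".
# A real service generates a random secret and shows it as the QR/text code.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, at, step=30, digits=6, algo="sha1", counter=None):
    """Code for Unix time `at`, or for an explicit step `counter`."""
    text = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(text + "=" * (-len(text) % 8))
    if counter is None:
        counter = int(at) // step  # whole steps since the Unix epoch
    mac = hmac.new(key, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, as in RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, submitted, at, last_used=-1, step=30, window=1):
    """Hypothetical server-side check: matched step counter, or None.

    Accepts the current step plus `window` steps either side (clock drift)
    and skips any step at or before `last_used`, so a code that was already
    accepted cannot be replayed.
    """
    now = int(at) // step
    for counter in range(max(0, now - window), now + window + 1):
        if counter <= last_used:
            continue
        expected = totp(secret_b32, at, step, counter=counter)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected.encode(), str(submitted).encode()):
            return counter
    return None
```

The service stores the counter returned by verify() and passes it back as last_used on the next login, which is what makes each code single-use.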
Despite its imperfections, multi-factor authentication provides better protection than just using passwords. In short, this additional level of protection should be used wherever possible. It provides better security than copying SMS codes. It is necessary to realize that even if someone steals the login name and password, this method will protect the account. That is, provided that the attacker does not have physical access to the "unlocked" phone. Activation and setup take less than two minutes and increased security is guaranteed.