Keep your accounts secure even if your passwords were compromised
- by Antoniy Yushkevych
- in Security
As cyber-attacks become more and more common, protecting your personal data is becoming increasingly difficult. There are many ways someone could get into one of your accounts, and if that account is the email address you use to log in to your social media, you are doomed.
Why? Because nearly all password reset links are sent via email. If a malicious individual has full access to that email account, they can use it to reset the passwords on all of your other accounts. You would then be locked out of your email and of every account tied to it, as mentioned earlier.
We know this doesn't sound very comforting, but there are measures that help prevent this catastrophe from happening. One such measure is two-factor authentication, which is the subject of this guide: we will explain what two-factor authentication is, what it protects against, and how you can use it to secure your accounts.
What is Two-Factor Authentication?
Two-factor authentication adds an extra level of security when you log into a website, an online bank account, a credit card portal, or any other site. Almost any website with user accounts uses single-factor authentication: a username and a password. Sometimes, however, even the strongest password is not enough to keep an important account secure.
Two-factor authentication, as the name suggests, requires one extra step to log into a website or access an online account. First, you enter your username and password to get to the second step. Then the site, in most cases, sends you a text message or email with a verification code that you must enter into the site to get access to the account.
How does Two-Factor Authentication Help?
Aside from the methods of attack mentioned previously, there are still countless ways to gain access to your accounts. Two-factor authentication adds an extra step so that a malicious individual who has obtained your password still cannot log in to the account.
What Threats are Out There?
Before getting into preventive measures, we need to identify exactly what we should worry about. Even if you have a very strong password, there are ways hackers can get access to your accounts without ever having to guess it, through things like phishing scams and installing keyloggers on your machine.
Cracking Weak Passwords with Brute Force Attacks
If your password is just a word followed by some numbers, especially if it is not very long, hackers can brute-force it. What does that mean? They run a script that tries every possible combination of letters, numbers and symbols until it hits the right one.
There is a way to test whether your password is susceptible to this style of attack with tools such as HOW SECURE IS MY PASSWORD?, which will tell you approximately how long it would take a computer to crack it.
Note that you should never enter your actual password into such a tool; use one with the same character types in the same positions instead. For example, if your password is 777monovm@Pa55, enter 936tokern#Rk67. To our eyes they are completely different, but to a program trying to brute-force them they are about the same, since they have the same length and consist of the same character types in the same positions.
Whenever you read advice on creating a strong password, it always says not to include any dictionary words. This is because hackers can run scripts that try every word in a dictionary, and even combinations of those words. So if your password is catsarecute, such an attack would crack it within minutes.
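As an added illustration of the two points above (added here; it is not part of the original article): a small Python estimator that scores a password by the search space a brute-force script must cover, and checks whether the password is just dictionary words glued together. The word list is a constructed stand-in for a real dictionary, and the rate of a billion guesses per second is an assumption.

```python
# Constructed stand-in for a real dictionary (assumption: a real check loads a large word list).
WORDLIST = {"cats", "cat", "are", "cute", "password", "monkey", "dragon", "love", "sunshine"}

SYMBOLS = 33  # printable ASCII characters that are neither letters nor digits

def charset_size(pw: str) -> int:
    """Alphabet a brute-force script must cover for a password of this shape.
    Only the character classes present matter, not the specific characters."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(not c.isalnum() for c in pw):
        size += SYMBOLS
    return size

def brute_force_seconds(pw: str, guesses_per_second: float = 1e9) -> float:
    """Worst-case seconds to exhaust every combination of this shape at the given rate."""
    return charset_size(pw) ** len(pw) / guesses_per_second

def dictionary_split(pw: str):
    """Return the dictionary words that spell pw end to end, or None if there are none.
    Dynamic programming over prefixes, so 'catsarecute' -> ['cats', 'are', 'cute']."""
    text = pw.lower()
    splits = [None] * (len(text) + 1)
    splits[0] = []
    for end in range(1, len(text) + 1):
        for start in range(end):
            if splits[start] is not None and text[start:end] in WORDLIST:
                splits[end] = splits[start] + [text[start:end]]
                break
    return splits[-1]

def assess(pw: str) -> dict:
    """Summarise how each attack class from the text fares against the password."""
    words = dictionary_split(pw)
    return {
        "charset": charset_size(pw),
        "brute_force_years": brute_force_seconds(pw) / (365 * 24 * 3600),
        "dictionary_words": words,
        "verdict": "dictionary attack" if words else "brute force only",
    }

if __name__ == "__main__":
    for candidate in ("catsarecute", "777monovm@Pa55", "936tokern#Rk67"):
        print(candidate, assess(candidate))
```

The two 14-character passwords from the text get identical brute-force estimates, while catsarecute falls to the dictionary split regardless of its length.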
Keyloggers
A keylogger is one nasty piece of malware that you can pick up while browsing the web. It simply runs in the background from startup, records every keypress you make, and sends the log to the attacker. Not only are your passwords in danger, but your entire private conversations as well.
Phishing Attacks
These attacks are a bit different from the rest: they do not install any malware or run any malicious scripts. They are sites on the internet that look nearly identical to legitimate, popular sites such as Facebook and Twitter. When you try to log in, however, nothing happens except that the login information you entered is sent to the attackers' database.
Types of Two-Factor Authentication
There are different types of two-factor authentication, used in different settings according to their requirements.
SMS Two-Factor Authentication
SMS two-factor authentication validates the user's identity by texting a one-time security code to the user's phone. The user then enters that code on the website he or she is trying to sign in to. It is one of the most popular options for websites because everyone can receive an SMS on their phone number and no app installation is required.
TOTP Two-Factor Authentication
TOTP stands for Time-Based One-Time Password. In this system the code is generated locally, on a device the user controls, rather than being sent over the network. Enrollment is usually done by scanning a QR code with your smartphone; after that, the authenticator app produces a number that changes after a short interval, and you enter that number on the website to access it.
Push-Based Two-Step Authentication
Push-based two-step authentication is an improved version of SMS and TOTP: it adds an extra layer of privacy and security with an easier-to-use flow. It confirms a user's identity through authentication factors that the other types cannot use.
Methods of Two-Factor Authentication
There are multiple ways websites can implement two-factor authentication, and each one picks the method that works best for it. Here are some of the factors that different sites use.
- Knowledge Factor: This is the most commonly implemented 2FA (two-factor authentication) method. After entering a username and password, you need to enter a verification code sent to your mobile phone or email. Another example is answering a security question that you set up when creating the account.
- Possession Factor: Probably the safest method, requiring actual hardware to log in. For instance, if you work with highly classified data, it might be a good idea to require a physical USB key alongside your computer's password.
- Software Token Factor: These are apps that provide two-factor authentication, such as Google Authenticator.
- Biometric Factor: Either fingerprints, facial recognition, or speech patterns are used as a second factor when logging into a website.
- Location Factor: Some sites will rely on your location to confirm your identity.
Why is Two-Factor Authentication Important?
Passwords have been the mainstream form of authentication since the start of the digital revolution. But, this security measure is far from infallible. Here are some worrying facts about this traditional security measure:
- 90% of passwords can be cracked in less than six hours.
- Two-thirds of people use the same password everywhere.
- Sophisticated cyber attackers have the power to test billions of passwords every second.
The vulnerability of passwords is the main reason for requiring and using 2FA. Two-factor authentication might seem like a hassle. After all, you’ll need to take an extra step to log onto your favorite websites. Without 2FA, you could be leaving yourself vulnerable to cybercriminals who want to steal your identification, access your bank accounts, or hack into your online credit card portals.
Why? Without a complex, unique password for each of your online accounts, a skilled hacker may be able to crack your passwords. And once they do, they can easily access the personal and financial information in any accounts with that username and password combination.
Biometrics Two-Factor Authentication
One of the major issues with passwords and tokens is that they can't prove your identity. Biometrics solves that problem. Adding biometrics as an authentication factor is the best way to prove identity because your biometrics are you. Identity-based access control is a significant improvement over alternative authentication factors because you can't forget it, you can't lose it, it is extremely difficult to steal, and it is unique to you.
Biometrics are light years more secure than other authentication factors and make accessing sensitive information and remote servers easy and effective. When you use smartphones to deploy biometric authentication, people who complain about 2FA being a nuisance won't have anything to complain about anymore.
To make one final point, many consumers are concerned about protecting their biometrics. This is a valid concern, but if biometrics are properly implemented, they enhance personal and professional privacy. Using visual cryptography techniques and a distributed data model helps make sure your biometrics and sensitive information never end up in the wrong hands. This way, you can use 2FA solutions and still sleep at night knowing your biometrics and data are safe.
Having two-factor authentication on your accounts is still not the end-all solution to protecting your online accounts. Along with 2FA, you should also have strong passwords for all your accounts and use a different password for each one. For ease of use, we recommend using a password manager that will help you keep track of all of them.
We know you have surely heard this before, but we will stress the importance of this statement again: make your password at least 12 characters long and include both uppercase and lowercase letters along with numbers and special characters (such as &, #, $, etc.); do not include any dictionary words or personal information such as your birthdate or name.
Keeping your computer malware-free is also crucial to the security of your online accounts, as even certain types of 2FA can be defeated with a keylogger. For instance, if the only type of two-factor authentication on one of your accounts is a security question, the keylogger will record the answer as well.