Two-factor authentication (also known as 2FA) is among the most effective ways to improve the security of your online accounts. Within just a few clicks, 2FA adds an extra layer of protection to your online accounts on top of your password. Nowadays, almost every website with a log-in procedure urges users to enable 2FA. In this article, we go through 5 common types of two-factor authentication that can effectively protect your accounts from cyber attacks.
SMS-based 2FA
This is among the most widely used types of two-factor authentication and one of the easiest to implement. When you enable a site’s SMS 2FA option, you’ll be asked to provide a phone number. After you have successfully entered your username and password, a secret one-time passcode is sent to your mobile device as an SMS text message to verify your identity.
Pros:
- Easy to implement and use
- Does not require installing an app
Cons:
- Some people may not be willing to give their phone number to a given website/platform
- If you lose your phone or SIM, you won’t be able to authenticate
- Your phone number can be used for other purposes, such as targeted advertising, conversion tracking, etc.
- A hacker could clone your SIM card to receive your codes and access your account
Authenticator apps (TOTP)
Another phone-based type of two-factor authentication is an authenticator app. This allows codes to be generated locally on the phone from a secret key. The most widely known app for this is Google Authenticator. The underlying technology for this 2FA type is called Time-Based One-Time Password (TOTP), which is part of the Open Authentication (OATH) architecture.
If a site offers this, it will show you a QR code containing the secret key. After you’ve scanned that QR code into the app, a new 6-digit code is produced every 30 seconds. You then enter the current code to log in to your account.
Pros:
- User-friendly and easy to implement
- Time-saving (you don’t have to wait to receive a passcode via SMS/mail)
- Can be used even when your phone isn’t connected to a mobile network
Cons:
- The secret key is stored on the phone itself
- You can lose access to your account if your phone dies or gets stolen and you don’t have printed backup codes
- Less convenient (you have to unlock your phone, open an app, and type in the code each time)
Push-based 2FA
Some systems, such as Apple’s Trusted Devices, can send a prompt to your device during login. This prompt indicates that someone (maybe you) is trying to log in and shows an estimated location for the login attempt. You can choose to approve or deny the attempt.
Pros:
- More convenient
- More resistant to phishing (it displays an estimated location based on the IP address from which the login originated)
Cons:
- Not standardized (you can’t choose from a variety of authenticator apps, nor consolidate all push-based credentials in one app)
- Requires a working data connection on your phone
Security keys powered by U2F
Universal Second Factor (U2F) is a relatively new type of two-factor authentication, typically using small USB, Near-Field Communication (NFC), or Bluetooth Low Energy (BTLE) devices called “security keys”. To set it up on a site, you first register your U2F device with that site. On later logins, the site prompts you to connect your device and tap it to allow the login.
Pros:
- No codes to type
- Phishing-proof (the browser includes the site name when talking to the U2F device, and the U2F device won’t respond to sites it hasn’t been registered with)
- The same U2F device can be used on multiple sites, with a different identity for each site
Cons:
- Most U2F devices cost money
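The two U2F properties listed above, per-site identities and the browser binding every response to the real site origin, are easier to see in code than in prose. The following is an added toy model written for this article, not the U2F protocol itself or any vendor’s implementation: a real key holds an ECDSA key pair per site and the browser passes a hashed application identifier and client data, whereas here each site’s credential is an HMAC key derived from one master secret so the example runs with the standard library alone. The site names, user names and the `ToySecurityKey`, `RelyingParty`, `honest_login` and `relayed_login` names are all constructed for the example.

```python
import hashlib
import hmac
import secrets
from typing import Dict


class ToySecurityKey:
    """Stand-in for a U2F security key (toy model: HMAC instead of ECDSA). The key never sees a
    password, and everything it signs is bound to the origin the browser reports."""

    def __init__(self) -> None:
        self._master = secrets.token_bytes(32)

    def _credential_for(self, origin: str) -> bytes:
        # A different credential per site, so two sites cannot link the same key to one user.
        return hmac.new(self._master, b"site:" + origin.encode(), hashlib.sha256).digest()

    def register(self, origin: str) -> bytes:
        # Returned to the site at enrolment; plays the role of the U2F public key.
        return self._credential_for(origin)

    def sign(self, origin: str, challenge: bytes) -> bytes:
        # The browser, not the web page, supplies `origin`; the page cannot override it.
        return hmac.new(self._credential_for(origin),
                        origin.encode() + b"|" + challenge, hashlib.sha256).digest()


class RelyingParty:
    """The website. Stores one credential per user and only trusts assertions over its own origin."""

    def __init__(self, origin: str) -> None:
        self.origin = origin
        self._credentials: Dict[str, bytes] = {}
        self._pending: Dict[str, bytes] = {}

    def register(self, user: str, key: ToySecurityKey) -> None:
        self._credentials[user] = key.register(self.origin)

    def start_login(self, user: str) -> bytes:
        challenge = secrets.token_bytes(32)   # fresh per attempt, so an old response cannot be replayed
        self._pending[user] = challenge
        return challenge

    def finish_login(self, user: str, claimed_origin: str, signature: bytes) -> bool:
        challenge = self._pending.pop(user, None)      # single use: consumed whether or not it verifies
        credential = self._credentials.get(user)
        if challenge is None or credential is None or claimed_origin != self.origin:
            return False
        expected = hmac.new(credential, self.origin.encode() + b"|" + challenge,
                            hashlib.sha256).digest()
        return hmac.compare_digest(expected, signature)


def honest_login(rp: RelyingParty, user: str, key: ToySecurityKey) -> bool:
    """The user is on the real site: the browser hands the key the site's own origin."""
    challenge = rp.start_login(user)
    return rp.finish_login(user, rp.origin, key.sign(rp.origin, challenge))


def relayed_login(rp: RelyingParty, user: str, key: ToySecurityKey, lookalike_origin: str) -> bool:
    """The user is on a lookalike site that forwards the real site's challenge. The browser still
    hands the key the lookalike's origin, so the assertion uses a different credential over a
    different origin, and the real site rejects it even though the challenge itself was genuine."""
    challenge = rp.start_login(user)
    assertion = key.sign(lookalike_origin, challenge)
    return rp.finish_login(user, rp.origin, assertion)


if __name__ == "__main__":
    key = ToySecurityKey()
    site = RelyingParty("https://bank.example")       # constructed site name
    site.register("alice", key)
    print("real site:", honest_login(site, "alice", key))
    print("lookalike:", relayed_login(site, "alice", key, "https://bank-login.example"))
```

The point of `relayed_login` is that nothing the user does wrong can help a lookalike site: even a perfectly relayed, genuine challenge comes back signed for the wrong origin. That is the difference from SMS, TOTP and email codes, which a user can be talked into typing into the wrong page because the code itself carries no information about where it is being used.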
Email-based 2FA
Two-factor authentication via email is a common type used by many users to access online accounts. Similar to SMS 2FA, users receive an OTP or secret code via email to prove their identity. Very often, instead of a passcode, they can simply click a unique link in the email to access their accounts.
Pros:
- User-friendly and easy to implement
- Available on both computers and phones
Cons:
- Internet access is required to receive the 2FA code
- Email delivery problems (the mail may go to spam or get lost because of server problems)
- Accounts protected by email 2FA can be accessed by a hacker who has compromised your email account
To sum up
Various types of two-factor authentication can be used for different services to ensure that no one gains access to your account without the second factor. No matter which 2FA method you decide to use, it’s a good idea to keep your backup codes in a safe place so that you don’t get locked out of your account when you need them.
Feel free to share your thoughts in the comments section!