What is Two-factor Authentication or 2FA?
Two-factor authentication (2FA) is a security process that increases confidence that a person is who they claim to be. Instead of accepting just a username and password, the process requires users to present two different authentication factors before they can access an application or system.
2FA is a vital security tool for organizations to protect their data and users in the face of a cybersecurity landscape laden with a higher volume of increasingly sophisticated cyberattacks. Businesses of all sizes have to keep pace with attackers' sophistication and continuously evolve their defenses to keep malicious actors out of their networks and systems.
A good starting point for understanding 2FA is that it moves organizations away from relying on passwords alone to grant entry into applications and websites. 2FA does exactly what its name says: it provides a two-step authentication process that adds another layer of security to a business's defenses.
This makes it more difficult for cybercriminals to steal users’ identities or access their devices and accounts. It also helps organizations keep attackers out of their systems, even when a user’s password has been stolen. The process is increasingly being used to prevent common cyber threats, such as phishing attacks, which enable attackers to spoof identities after stealing their targets' passwords.
What are the Authentication Factors?
There are several types of authentication factors that can be used to confirm a person’s identity. The most common include:
- A knowledge factor: This is information that the user knows, which could include a password, personal identification number (PIN), or passcode.
- A possession factor: This is something that the user has or owns, which could be their driver’s license, identification card, mobile device, or an authenticator app on their smartphone.
- An inherence factor: This is a personal attribute or something that the user is, which is typically some form of biometric factor. These include fingerprint readers, facial and voice recognition, as well as behavioral biometrics like keystroke dynamics and speech pattern trackers.
- A location factor: This is usually guided by the location in which a user attempts to authenticate their identity. Organizations can limit authentication attempts to certain devices in specific locations, depending on how and where employees log in to their systems.
- A time factor: This factor restricts authentication requests to specific times when users are allowed to log in to a service. All access attempts outside of this time will be blocked or restricted.
How Does Two-factor Authentication Work?
The two-factor authentication process runs from the moment a user attempts to log in to an application, service, or system until they are granted access to use it. The authentication process looks like this:
- Step 1: The user opens the application or website of the service or system they want to access. They are then asked to log in using their credentials.
- Step 2: The user enters their login credentials, which will typically be their username and password. The application or website confirms the details and recognizes that the correct initial authentication details have been entered.
- Step 3: If the application or website does not use password login credentials, it generates a security key for the user instead. The key is processed by the authentication tool, and the server validates the initial request.
- Step 4: The user is then prompted to submit a second authentication factor. This will usually be the possession factor, which is something that only they should have. For example, the application or website will send a unique code to the user’s mobile device.
- Step 5: The user enters the code into the application or website, and if the code is approved, they will be authenticated and given access to the system.