Security of the online accounts, confidential data and information has always been a concern for the authentic end users around the globe. Normally, the users access their online accounts using a single security layer, i.e. the secret password. But, this does not seem a secure way to log in to an online account. It is because the password can be easily compromised by hackers using some proven password cracking techniques like Dictionary attack, Brute force attack, Rainbow table attack, Phishing, Social Engineering, and many more.
For minimizing hacking risk, the best way is to use an extra security layer along with the password, so that if an attacker manages to compromise the first layer, then the second one can prevent him from logging in to your account. Two Factor Authentication emerges as an ideal option in this regard. Use it for securing account when password alone can’t do so.
Two Factor Authentication (2FA) is a security method that adds an additional layer in the normal login procedure for verifying identity of the user. This proven security method requires two factors — password and a verification code, to check whether the user is authentic or not. An authentic end user knows his account’s secret password; the first factor, and the verification code or OTP (One Time Password); the second factor, is sent to the registered mobile number of the user. This verification code is valid only for a few seconds. Due to the use of two different factors in the login procedure before granting access to the user, 2FA security method is also known as Two Step Verification.
Possible authentication factors used for verifying users
Something the user knows (the knowledge factors) — username & password combination, PIN, a secret question & its answer.
Something the user has (the possession factors) — credit & debit card, mobile device, key fob.
Something the user is (the inherence factors) — biometric characteristics of the user such as iris, retina, face scan, voice recognition, fingerprint.
Two Factor Authentication (2FA) security method combines ‘something the user knows’ + ‘something the user has’ or ‘something the user is’. Without the combination of any two out of these possible three authentication factors, it is not possible for any user to gain access to an online account. If an intruder or attacker steals your secret password, then he needs your registered mobile device as well for receiving the unique verification code and logging in to your account successfully. In this way, Two Factor Authentication secures your account when password alone is unable to protect it from several harmful malicious activities.