Your security on your conscience

How to implement the project on two-factor authentication properly?

Before you start reading try to answer some questions:

• Have you got personal information in social networks or services?
• Have you ever suffered from hacking into your personal account?
• Do you want to protect your data files from unauthorized access?

If the answer on any of these questions is «YES» this article will be relevant to you.

Due to the increasing amount of different services and attacks on user’s accounts, it was decided to write an article about two-factor authentication. Let’s talk what it is, illustrate it’s value, and discuss, how can it be realized.

The main idea

Two-factor authentication (or 2FA) is an extra method of identifying a user for the account designed to ensure that the user is the only person who can access account, even if someone knows the password. This way of protection contains two different components of authentication data. The introduction of an additional level of security provides better protection of your account from unauthorized access.

Two-factor authentication requires having two types of identification data. For instance, something known to user, something he has or some biometrics. Obviously, the first item includes passwords, pins, secret keys, in other words, something what the user remembers and enters into the system when it requires. The second item is a device (or token) that is owned by the user.

Looking deeper

In general, the essence of the approach is very simple: to get somewhere, you need to double confirm the fact that you’re you, and with the help of two “keys” one of which you have, and keep the other in memory.

The simplest tokens don’t require physical connection to the computer, but they display the pin that the user enters into the system. More complex tokens connect to computers via USB or Bluetooth Interface.
Today, smartphones are used as tokens. In this case one-time password is generated using a special application or sent via SMS.

Tokens can be divided into two parts:

1. Time synchronized one-time passwords are really popular today, because smartphones can be used as tokens. In this case one-time password is generated using a special application or sent via SMS.
2. Passwords based on a mathematical algorithm are aslo very popular.

Time-synchronized one-time password used in Telegram

In many of Google’s services the passwords are based on algorithms.

Sometimes 2FA is implement based on biometric devices, i.e. face scanners, fingerprint or retina of the eye. The main problems here are that such technology is very expensive and that you can be mistaken with the level of accuracy. If you set the resolution of the fingerprint scanner on the max, you risk not to access the service or device, even your hands are cold or wet. Therefore, insufficient match between fingerprint and its benchmark is enough to get access on your account.

Be careful

Speaking about disadvantages of this technology, we must mention some problems. Since the times when 2FA was created and widely spread amongst us, users are still suffered from phishing and malicious software.

In 2007 PayPal tried to implement 2FA with sending one-time password via SMS. Even though at that time this method was quite safe and modern, the pace of its implementation was disastrous low because most users simply ignored the opportunity to increase the security of their data.

Exploring the possibilities of implementation of biometric technologies, PayPal together with Validity Sensors, first decided that it is time to create the standard, which would support all the hardware authentication. In 2013 was founded Fast IDentity Online Alliance to create such standard. Many large companies such as Google, ARM, Bank of America, Master Card, Visa, Microsoft, Samsung and Dell became its members. As a result, FIDO created two standards: U2F (Universal Second Factor) and UAF (Universal Authentication Framework for biometric authentication).

Follow the tops

Let’s see the experience of using two-factor authentication with Apple’s devices. If you want to use 2FA, account access is possible only with trusted devices iPhone, iPad, or Mac. When you first log on a new device you will need to provide two things: your password and a six-digit verification code, which is automatically displayed on the trusted device. After entering the code, the new device is included in the number of trusted devices.

Need more Apple devices!

For example, you have an iPhone and you use two-factor authentication. One day, you have bought an iPad and when you first log in your AppleID account, you will be offered to enter the password and verification code, that is automatically showed on the screen of your iPhone.

To sum up, nowadays, all serious companies need to protect their datafiles. We can make the statement, that methods of protection based on two-factor authentication is the simplest way to improve the safety of your accounts in any kind of business. So, a large amount of organizations use this security measure with confidence.