What is Two-Factor Authentication?
Learn about Two-Factor Authentication (2FA) as an additional layer of security for your digital assets.
Topics to read before diving into this course:
At the end of the lesson, you will be able to answer the following questions:
What is 2FA?
Why is 2FA important?
How does 2FA work?
What are the common kinds of 2FA?
What is 2FA?
Two-Factor Authentication (2FA) is an accessible way to enhance your online security. Given how much of our personal information and assets are stored online, having another safeguard on top of our password can help us thwart malicious attacks from hackers and data breaches.
Why is 2FA important?
The most frequent method of user authentication is still the combination of usernames and passwords. The general guideline is that a password should be something that only you know and that is tough for anyone else to guess. While using passwords is better than having no protection at all, they are not without flaws. Here are a few reasons why:
Weak passwords. Because people tend to be forgetful, some use only very basic passwords such as "111111," "123456," "123456789," "qwerty," and "password". These easy-to-recall passwords are also easy to hack.
Password recycling. Since remembering various passwords for different accounts can be bothersome, our tendency is to have the same password for multiple accounts, also known as password recycling. This is a harmful behavior that can put your assets at great risk because hackers can use hacking software that tests these recycled usernames and passwords across different sites within seconds.
How does 2FA work?
When you log into your account on a website or wallet, you will typically be asked for your username or email address and password. Once you have entered both correctly, 2FA will prompt a second login step, where you'll need to enter another piece of information that only you have access to. After that, you will be authenticated and granted access to the platform.
What are the common kinds of 2FA?
We have listed some examples of 2FA and explained how they work to help you choose which one you want to use.
Hardware Tokens
Hardware tokens are small devices, like a key fob. They generate a new numeric code every 30 seconds, and they're the oldest kind of 2FA. When a user wants to log into an account, they look at their device and type the 2FA code it displays into the site or app. Some hardware tokens automatically transfer the 2FA code when plugged into a USB port. Notable examples of this are YubiKey and Duo Access.
Hardware Token: Yubikey
SMS and Voice-based 2FA
SMS-based 2FA communicates with a user's phone directly. After you log in with your username and password, the site sends a one-time passcode (OTP) through a text message. You must then enter the OTP you received into the application to gain access. Voice-based 2FA works in a similar way, automatically dialing a user and audibly delivering the 2FA code. Financial services, like banks, use this type of 2FA.
Push Notification
This is a passwordless authentication system that doesn't require any codes or additional interaction. Instead of relying on the user receiving and entering a 2FA token, websites and applications send a push notification when an authentication attempt is made. When you employ this type of 2FA, you will see this notification and can authorize or refuse access with a simple tap. Facebook utilizes this type of authentication.
Software Tokens
Software tokens are similar to hardware tokens, except they are in the form of an application. You will need to download and install a free two-factor authentication program on your smartphone or computer. Then, the app can be used with any site that accepts this type of authentication. After logging in, you will be prompted to enter the code displayed on the app. Soft tokens, like hardware tokens, are often valid for thirty seconds. Authy and Google Authenticator are examples of these.
Google Authenticator on PlayStore
If you want to use this 2FA, here is our guide on how to set up your Google Authenticator.