Published on April 10th, 2013 | by admin


Why Two-Factor Authentication Works?

We live in a world which has witnessed such a massive explosion in the field of technology that the ordinary man in the street is unable to keep pace with its developments. While the internet and online facilities have made life infinitely easier, the staggering number of online frauds by ruthless and unscrupulous hackers and fraudsters is clearly a cause of much concern. Very often, it is the simple and defenseless who get caught in the quagmire of deception.

It has been generally accepted by markets that the single-step authentication process with username and password for users to access their web accounts is fraught with risk and has proven to be woefully inadequate from a security standpoint. A thorough, more effective and foolproof system is absolutely imperative, together with stricter law enforcement against offenders. The solution to the search for an enhanced and tighter online security system has already been found in the two-factor authentication system which has been introduced and which is increasingly being used in the market for online transactions.

What is Two-Factor Authentication?

Two-factor authentication (commonly known as 2FA), as the name signifies, is a method of authentication that requires users to present two of three possible verification factors to prove their identity before gaining access to their web accounts. The three factors are the knowledge factor (something the user knows), the possession factor (something the user has), and the inherence factor (something the user is). One of the commonest illustrations of two-factor authentication is the ATM card, which combines two of the factors, viz., knowledge (the PIN) and possession (the card).

The two-factor authentication system offers a variety of options to choose from. These include hardware tokens such as key fobs, smart cards and USB devices, as well as software tokens, mobile phone tokens, SMS tokens and one-time passwords (OTPs). Businesses can choose suitable tokens for their users depending on whether those users connect remotely on a regular basis or only infrequently (out of hours or in an emergency).

Adopting a two-factor authentication process can help to reduce the prevalence of fraud and identity theft on the Internet. It can also help reduce the phenomenon of phishing via email.

Although this system dramatically reduces the risk of unauthorized access to a network, there are still a number of drawbacks which have kept it from becoming more popular. Difficulties in keeping track of hardware tokens and USB plugs, the lack of technical skills required to install software certificates, rising installation and upkeep costs, and the loss of hardware tokens are some of the drawbacks that have hindered the implementation of the system. Because two-factor authentication is not a unified system, it has various implementations, which makes interoperability an issue.

What about Tokenless Two-Factor Authentication?

To overcome some of the drawbacks mentioned above, several businesses are now resorting to tokenless two-factor authentication, which is a two-factor authentication system utilizing mobile phone SMS technology. In short, it amounts to authenticating with two factors, without the need for a hardware token, by utilizing an existing device already carried by the user, such as a mobile phone. With billions of mobile phones in use everywhere, the utilization of the phone as an authentication device rapidly solves the problem of the additional costs and delays involved in sending out hardware tokens. This mode of authentication is considered to be far more rapid and more cost-effective.

Viewed from the security angle too, it would appear that the mobile phone scores over the hardware token. Users are far more likely to keep closer track of their phones and to report their loss immediately. Tokens and smartcards get lost much more regularly and very often their loss is not realized in time to prevent their unauthorized use.
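The server side of the SMS step described above, as an added example that is not part of the original article or any vendor's code: a one-time code is generated, handed to an SMS gateway (not shown), and accepted only once, within a time limit and a small number of guesses. The class name, the 6-digit length, the 5-minute lifetime and the 3-attempt limit are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumed validity window for a delivered code
MAX_ATTEMPTS = 3        # assumed number of guesses allowed per code


class SmsOtpVerifier:
    """Possession-factor step: issue a code for SMS delivery, then check it."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # user id -> [salt, digest, expiry, attempts left]

    @staticmethod
    def _digest(salt, code):
        # Salted hash so the pending code is not held in the clear.
        return hashlib.sha256(salt + code.encode()).digest()

    def issue(self, user_id):
        """Return a fresh 6-digit code; the caller passes it to the SMS gateway."""
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.random()
        salt = secrets.token_bytes(16)
        expiry = self._clock() + CODE_TTL_SECONDS
        # Issuing again overwrites, and so invalidates, any earlier code.
        self._pending[user_id] = [salt, self._digest(salt, code), expiry, MAX_ATTEMPTS]
        return code

    def verify(self, user_id, submitted):
        """True only for the current, unexpired, not-yet-used code."""
        entry = self._pending.get(user_id)
        if entry is None:
            return False
        salt, digest, expiry, _ = entry
        if self._clock() > expiry:
            del self._pending[user_id]
            return False
        entry[3] -= 1  # count the guess before comparing
        ok = hmac.compare_digest(digest, self._digest(salt, submitted))
        if ok or entry[3] == 0:
            del self._pending[user_id]  # single use, or guess budget spent
        return ok
```

In a login flow the password (knowledge factor) is checked first, and `issue` is called only after it succeeds, so the SMS code acts as the second factor and not as a replacement for the first.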


There are well-established and award-winning companies like TeleSign which offer innovative and cost-effective solutions by way of full, out-of-band, two-factor authentication through a user’s cell phone. Businesses would be well advised to avail themselves of these solutions so as to keep their web accounts safe and secure.

Author’s Bio 

Steven E. Collins is a web enthusiast and a baseball fan living in Los Angeles, CA. He has extensive experience in the field of Internet Security. He likes to share his knowledge through articles and blog posts on implementing security systems for online businesses. You can find him writing anything from best practices for online transactions to prevention of online fraud.
