Introduction
Two-factor authentication
Multifactor — two-factor authentication system, which allows to increase the protection from unauthorized access to your sites and applications several times.
The phrase "Two-factor authentication" or more modern name — "Multifactor authentication" means that more than two factors are used for personal identity verification.
There are three types of factors:
- What is known by the user, is usually login and password.
- What user has, for example, smartphone or USB-token.
- Who is the user of — biometric data: fingerprint, eye retina, face.
The first factor is the most threatened, the third factor — the most secure.
What is the passwords problem?
The reason is that users choose passwords that are easily remembered and therefore are easily guessed. The most commonly used variants — are the following: name, vehicle registration number, phone number, birth year, music band, etc. There are databases with passwords that have ever been cracked and the analysis of these databases shows that all the passwords are similar or formed on a uniform template.
The other problem of passwords is that the users usually set the same password for different websites, that is why the password cracking of the less secured one allows the cracker to access all the others.
The last years' trend for "hardened passwords" which shall be of sufficient length, contain letters of different registers, figures, special symbols, as well as shall be changed every three months - all these do not have any effect. The users set the following passwords: "Password@123", next is "Password@124", then "Password@125" and so on. For one simple reason — they can not remember the new password every time after its changing.
In some way, the password problems can be solved using password storing programms, such as KeePass, but only a few people use them, and besides the password guessing, there are a lot of other methods of cracking the systems with authentication using password only.
It shall be mentioned that the cracking may be performed by the company employee, who has access to the passwords database, even if they are stored in a recommended, secure format.
Benefits of two-factor authentication
According to statistical data, the two-factor (multifactor) authentication decreases the chances of cracking by 99% due to using of second and/or third factors.
As against the passwords, the second and the third factors are impossible to be guessed, as they use only recent algorithms and strong key of data encryption.
The risk of authentication data capture is far less upon the data transfer via insecure data channels, as these data are unique every time and are limited in time of usage.
In multi-factor authentication, the "human factor" is basically absent.
All mentioned above applies to the high-quality designed systems only, as there is no unique standard for multifactor authentication, but hasty implements may negatively influence security.