General information
Two-factor authentication
Multifactor is a two-factor authentication system that raises the protection of your sites and applications against unauthorized access many times over.
The phrase "two-factor authentication", or its more modern name "multifactor authentication", means that two or more factors are used to verify a person's identity.
There are three types of factors:
- Something the user knows: usually a login and password.
- Something the user has: for example, a smartphone or a USB token.
- Something the user is: biometric data such as a fingerprint, the retina of the eye, or the face.
The first factor is the most vulnerable; the third is the most secure.
The Problem with Passwords
The issue lies in the fact that people choose passwords that are easy to remember, and therefore easy to guess. Common choices include personal names, car or phone numbers, birth years, favorite bands, and so on. There are databases of passwords that have been previously breached, and analyzing these databases shows that passwords are often either the same or formed according to a common pattern.
The next problem with passwords is that users typically set one password for all their accounts, so compromising the least secure one grants the attacker access to all the others.
The trend in recent years toward "strong passwords," which must be of sufficient length, contain a mix of upper- and lower-case letters, numbers, and special characters, and be changed every three months, does not yield the desired effect. Users set passwords like "Password@123," then "Password@124," followed by "Password@125," and so on. There is a simple reason for this: they cannot remember a new password every time it changes.
Password managers such as KeePass solve the password problem only partly: few people use them, and besides brute-force attacks there are many other ways to breach systems that rely solely on password authentication.
It's also worth noting that a breach can be carried out by an employee of a company who has access to the password database, even if the passwords are stored in a recommended, secure format.
What Two-Factor Authentication Provides
According to statistics, two-factor (multifactor) authentication reduces the probability of a breach by 99% by utilizing second and/or third factors.
Unlike passwords, the second and third factors are impossible to guess because they employ modern algorithms and robust encryption keys.
There's significantly less risk of authentication data interception during transmission over insecure communication channels, as these data are unique each time and limited in terms of time usage.
In multifactor authentication, the "human factor" is virtually absent.
All of the above applies only to well-designed systems because there is no unified standard for multifactor authentication, and poorly planned implementations can even have a negative impact on security.