• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar

Red Sift Blog

Red Sift Blog
  • redsift.com
  • Featured
  • Who are we?
  • Get in touch
You are here: Home / Cybersecurity / Two Factor What? Everything you need to know about Two Factor Authentication (2FA)

Two Factor What? Everything you need to know about Two Factor Authentication (2FA)

by Gino Coquis
August 16, 2021September 1, 2022Filed under:
  • Cybersecurity

What’s the first thing you think about when someone mentions keeping your online accounts safe? We bet it’s having a long, complicated password. And this is because for many years, having a strong password was the main way to secure an account.

But passwords are vulnerable. And every time a B2C company is hacked, there’s a high chance that your login details have been compromised and will soon be available for criminals to purchase on the dark web. That’s where security measures like Two Factor Authentication come in.

What is Two Factor Authentication?

Two Factor Authentication (also known as 2FA or 2-step verification) is the practice of setting up an added layer of security to your logins. It allows an application to link your user to an authentication mechanism (i.e. Google authenticator app or your mobile phone). When you enter your password to login, it generates a number that expires quickly and is recognized by the application to confirm that your login is valid.

Most applications that deal with sensitive data provide support for 2FA, some of these applications being email, cloud storage, banking, business applications etc.

Why is Two Factor Authentication important, and why aren’t passwords enough?

There is a constant security threat to any organization that provides services over the internet – which is a lot of businesses. Cyberattacks are becoming increasingly sophisticated, and a successful one makes it possible for third parties to steal long lists of usernames and passwords. With this information, third parties can gain access to these accounts and can attempt an account takeover.

This risk is further exacerbated by the fact that many people use the same password in many applications. This means that when attackers get access to someone’s username and password combination, they can access several of that person’s applications.

So, an easy way to prevent this type of unauthorised access is to activate Two Factor Authentication, particularly in applications that contain sensitive data. Preventing access to your account can help protect your personal information and prevent further leaks or loss of data. When you have 2FA active and a third party tries to gain access to your account using your username and password, they will be asked for the 2FA number which they will not have, preventing access to your account.

What are the different types of Two Factor Authentication?

While they all work under more or less the same premise, there are a number of different types of two factor authentication available:

Authenticator App 2FA: this is where the user downloads a free authenticator app to their mobile device. When the user attempts to log in, they’ll need to open the app and use the unique one time passcode (OTP) provided.

SMS text or voice-based 2FA: this is where the user is sent a unique code via text message to a mobile device. Alternatively they’ll receive a call to their phone number with their code. The user then needs to enter this code to complete their login.

Push-based notification 2FA: this is when a notification is sent to the relevant app already installed on the user’s phone (for example the Gmail app). Then the user just needs to approve.

Hardware token/key 2FA: this is one of the earlier forms of 2FA, and is when the user is issued with a device which they use to receive a numeric code for login.

Biometric approval: this is a relatively new addition to the 2FA world, where the user provides a piece of biometric data (i.e. fingerprint or facial recognition image) and this is used to compare and confirm their identity at login.

Remember to protect your recovery codes

Recovery codes are one-use codes issued when you’re setting up 2FA. Remember to keep a record of them, as they’ll enable you to access your account if your authentication device (i.e. mobile phone) is lost or stolen.

Why doesn’t everyone use Two Factor Authentication?

Two Factor Authentication may sound like a no-brainer, but worryingly, ‘How to turn off two factor authentication’ is quite a popular Google search term.

Simply put, people like convenience. People are accustomed to using just their password when logging in to an account, which in many cases is stored in their computer or browser. So, having to open an app or pull a key to log in to their account is more time consuming.

But while 2FA may add another step to your login process, in a world with an ever-increasing risk of account takeovers, the security it provides is invaluable. More and more applications offer it, and a large number of companies are now making it mandatory for their employees. This is particularly significant during these post-COVID times, when working from home and logging in remotely is now the norm in most businesses.

What’s the difference between Two Factor Authentication and Multi Factor Authentication?

Two Factor Authentication and multi factor authentication aren’t that different. Whereas 2FA uses just one other device to authenticate a user’s login, multi factor may use a number of devices or factors to authenticate. Some companies with a lot of sensitive, financial, or personal information at risk may choose multi factor authentication as an added measure.

How to see if you’ve been part of a data breach

It doesn’t matter if your password is complex or long, or if you have different passwords for different accounts. The truth is if your password has been part of a data breach then your account is at risk.

haveibeenpwned.com is a useful tool that helps you check if your email and password have ever been part of a data breach. Google also offers a similar functionality that allows you to check if any of your passwords stored in the Chrome password manager are part of an exposed data breach.

Does Red Sift offer Two Factor Authentication on its products?

Of course! If you want to activate 2FA in your OnDMARC application you can go to My Account (top right), scroll down to Security and click on Enable two-factor authentication. You can also consult our step-by-step article.

Not an OnDMARC customer but want to try it out? Why not sign up below for your free trial.

Share this:

  • Click to share on Twitter (Opens in new window)
  • Click to share on LinkedIn (Opens in new window)

Related

Tagged:
  • 2FA
  • Email security basics
  • Two Factor Authentication

Post navigation

Previous Post Tackle phishing: The rise of the machine
Next Post What is DMARC? A beginner’s guide

Primary Sidebar

Subscribe to our blog and be the first to get updates!

Categories

  • AI
  • BEC
  • BIMI
  • Brand Protection
  • Coronavirus
  • Cybersecurity
  • Deliverability
  • DMARC
  • DORA
  • Email
  • Finance
  • Labs
  • News
  • OnINBOX
  • Partner Program
  • Red Sift Tools
  • Work at Red Sift
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • October 2018
  • September 2018
  • August 2018
  • July 2018
  • June 2018
  • May 2018
  • April 2018
  • March 2018
  • February 2018
  • January 2018
  • December 2017
  • November 2017
  • October 2017
  • September 2017
  • July 2017
  • June 2017
  • May 2017
  • April 2017
  • March 2017
  • October 2016

Copyright © 2023 · Milan Pro on Genesis Framework · WordPress · Log in