
Two-Factor Authentication (2FA)

By WILL KENTON
 Updated Sep 28, 2020
What Is Two-Factor Authentication (2FA)?
Two-factor authentication (2FA) is a security system that requires two distinct forms of
identification in order to access something.

Two-factor authentication can be used to strengthen the security of an online account, a
smartphone, or even a door. 2FA does this by requiring two types of information from the user
—a password or personal identification number (PIN), a code sent to the user's smartphone,
or a fingerprint—before whatever is being secured can be accessed.

KEY TAKEAWAYS

• Two-factor authentication (2FA) is a security system that requires two separate, distinct
forms of identification in order to access something.
• The first factor is a password and the second commonly includes a text with a code
sent to your smartphone, or biometrics using your fingerprint, face, or retina.
• While 2FA does improve security, it is not foolproof.

Understanding Two-Factor Authentication (2FA)
Two-factor authentication is designed to prevent unauthorized users from gaining access to
an account with nothing more than a stolen password. Users may be at greater risk of
compromised passwords than they realize, particularly if they use the same password on
more than one website. Downloading software and clicking on links in emails can also expose
an individual to password theft.1  2

Two-factor authentication is a combination of two of the following:2

• Something you know (your password)
• Something you have (such as a text with a code sent to your smartphone or other
device, or a smartphone authenticator app)
• Something you are (biometrics using your fingerprint, face, or retina)

2FA is not just applied to online contexts. It is also at work when a consumer is required to
enter their zip code before using their credit card at a gas pump or when a user is required to
enter an authentication code from an RSA SecurID key fob to log in remotely to an employer’s
system.2

 
Despite the slight inconvenience of a longer log-in process, security experts recommend
enabling 2FA wherever possible: email accounts, password managers, social media
applications, cloud storage services, financial services, and more.
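
The following is an added example, not part of the original article: a server-side login check that combines "something you know" (a password) with "something you have" (a code from a smartphone authenticator app). It assumes the app uses the open TOTP standard (RFC 6238, built on RFC 4226), not the RSA SecurID algorithm; the Account class, the password and the salt are constructed for illustration, and the secret is the RFC test value.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 one-time code for one counter value (TOTP uses time // step)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Account:
    """Constructed sample account: a password hash plus an enrolled TOTP secret."""
    def __init__(self, password: str, totp_secret: bytes):
        self.salt = b"constructed-salt"          # fixed only to keep the example reproducible
        self.pw_hash = self._kdf(password)
        self.totp_secret = totp_secret
        self.last_counter = -1                   # highest time step already accepted

    def _kdf(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def login(self, password: str, code: str, now: int,
              step: int = 30, window: int = 1) -> bool:
        # Factor 1: something you know.
        if not hmac.compare_digest(self._kdf(password), self.pw_hash):
            return False
        # Factor 2: something you have. Tolerate +/- `window` steps of clock
        # drift, but never accept a time step at or before one already used,
        # so a code that was observed once cannot be replayed.
        current = now // step
        for counter in range(max(0, current - window), current + window + 1):
            if counter <= self.last_counter:
                continue
            expected = hotp(self.totp_secret, counter).encode()
            if hmac.compare_digest(expected, code.encode()):
                self.last_counter = counter
                return True
        return False

SECRET = b"12345678901234567890"                 # RFC 6238 test secret (SHA-1)

if __name__ == "__main__":
    acct = Account("correct horse", SECRET)      # constructed password
    t = 59                                       # constructed Unix time
    code = hotp(SECRET, t // 30)
    print(acct.login("correct horse", "000000", t))  # password alone: rejected
    print(acct.login("correct horse", code, t))      # both factors: accepted
    print(acct.login("correct horse", code, t))      # same code again: rejected
```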

Example of Two-Factor Authentication (2FA)


Apple account holders can use 2FA to ensure that accounts can only be accessed from
trusted devices. If a user tries to log in to their iCloud account from a different computer, the
user will need the password, but also a multi-digit code that Apple will send to one of the
user's devices, such as their iPhone.2

Special Considerations
While 2FA does improve security, it is not foolproof. Hackers who acquire the authentication
factors can still gain unauthorized access to accounts. Common ways to do so
include phishing attacks, account recovery procedures, and malware.

Hackers can also intercept text messages used in 2FA. Critics argue that text messages are
not a true form of 2FA since they are not something the user already has but rather
something the user is sent, and the sending process is vulnerable. Instead, the critics argue
that this process should be called two-step verification. Some companies, such as Google,
use this term.3

Still, even two-step verification is more secure than password protection alone. Even stronger
is multi-factor authentication, which requires more than two factors before account access will
be granted.4

Two-Factor Authentication (2FA) from Duo


Double up on security by protecting your applications and environments with two-factor authentication (2FA).
It's the simplest, most effective way to verify that your users are who they say they are.

What is 2FA?
Two-factor authentication (2FA) is a specific type of multi-factor authentication (MFA) that strengthens access
security by requiring two methods (also referred to as authentication factors) to verify your identity. These
factors can include something you know - like a username and password - plus something you have - like a
smartphone app - to approve authentication requests.

2FA protects against phishing, social engineering and password brute-force attacks and secures your logins
from attackers exploiting weak or stolen credentials.

Why is 2FA Important?


Two-factor authentication (2FA) is the foundational element of a zero trust security model. In order to protect
sensitive data, you must verify that the users trying to access that data are who they say they are. 2FA is an
effective way to protect against many security threats that target user passwords and accounts, such as phishing,
brute-force attacks, credential exploitation and more.

Let’s say you use a username and password to complete primary authentication to an application. That
information is sent over the Internet (your primary network). You’ll want to use a different (out-of-band)
channel to complete your second factor. Approving a push notification sent over your mobile network is an
example of out-of-band authentication.
So why does it matter? If a remote attacker is able to tap into your computer via your Internet connection, they
can steal both your password and your second form of authentication, if both are delivered over the same channel.

Without your physical device, remote attackers can’t pretend to be you in order to gain unauthorized access to
corporate networks, cloud storage, financial information and other data stored in applications.

When you integrate two-factor authentication with your applications, attackers are unable to access your
accounts without possessing the physical device needed to complete the second factor.
