There are always two sides to a coin. Internet is no exception to this rule. It is a wealth of knowledge no doubt. But with great knowledge comes great power, and there are people out there waiting to steal that power from you. If you are an internet addict like me, or even if you have an e-mail account, you will be familiar with what hacking is. Along with its own growth, internet has given rise to nefarious anti social elements who are constantly on the lookout for stealing your precious passwords and hacking into your bank accounts, email accounts and social network accounts. Yes, it is a big bad world out there.
Coming to the other side of the coin, there are plenty of efforts going on for maximizing your online security. There are antivirus companies trying to secure your computers against the malicious viruses. There are also email providers who are trying to come up with their own solutions for securing their client’s email accounts. I will be dealing with a particular kind of authentication technique coming up – Two Factor Authentication.
What is two factor authentication?
With standard security procedures (especially online) only requiring a simple username and password it has become increasingly easy for criminals (either in organised gangs or working alone) to gain access to a user’s private data such as personal and financial details and then use that information to commit fraudulent acts, generally of a financial nature. Two Factor Authentication, also known as 2FA/TFA(acronym for two step verification), is an extra layer of security that is known as “multifactor authentication” that requires not only a password and username but also something that only, and only, that user has on them, i.e. a piece of information only they should know or have immediately to hand – such as a physical token. Using a username and password together with a piece of information that only the user knows makes it harder for potential intruders to gain access and steal that person’s personal data or identity.
How does Two Factor Authentication work?
Let us take the example of opening a mail account. The mail provider will ask you a username and password – the standard procedure. It may even ask you some secret question and its answer used in case you forget your password. But if the provider supports Two Factor Authentication, it will ask you for another parameter, something which only you will possess, like your mobile phone number. Once you provide your number, you will get an SMS from the provider, having a auto-generated code. You will have to type in that code in the next step for creating your email account with that provider.
Thus, there are two factors contributing towards your security – your username/password pair and your mobile number. If ever you forget a password or if you think your security has been compromised, you can immediately request a new password from the provider which you will get through the SMS on your mobile phone.
Who all are supporting Two Factor Authentication?
Most of the companies having a dominant presence on the internet have implemented two factor authentication. Some shortlisted companies are:
Can I implement Two Factor Authentication on my website?
Sure why not! If you host your own website, you can install a WordPress plugin or Drupal module that enables two-step authentication with the Google Authenticator app. DreamHost accounts also offer multifactor authentication with Google Authenticator, as does the CloudFlare service.
Do you think two factor authentication is capable of fending off hack attacks? Have you implemented it on your website?