We all want more security in our lives, especially when it comes to cyberspace. We want a double layer of protection, double authentication, impeccable secrecy, and even want all our communication to travel through secure media. Over the past few years, online services have started trying out different methods to impress their subscribers and show that they take security seriously. 2-factor authentication is a term closely associated with passwords and login systems. But does a 2-factor system really improve security, or is it just a hindrance to easily accessing your favourite service or app? This article tries to uncover the pros and cons of 2-factor authentication for login systems.
The main components of 2-factor authentication are: “something you know”, e.g. a PIN, a password or even the answer to a secret question; “something you have or possess physically”, like a credit card, a USB stick, an auth dongle, a physical key or even a mobile phone app; and “something that is innate to you or is a physical feature”, like your fingerprint, your retina, your face, your voice or maybe even your teeth impression. The thing that you know is mostly something unique which cannot be easily guessed or known by a third person. It is something secret or obscure, like a password. The password may be a combination of names that you know or are associated with, or it may be some abstract random words which you have come up with. These are difficult to guess and also tough to identify with even if they are leaked or revealed. The physical token or key that you have is a second layer of protection: a physical possession which only the authorized user should keep or have in their custody. It is only there to provide a second layer of protection so that the bank or authority can disclaim liability in case of wrongful use of your account after it was authenticated with that physical possession.
As the name suggests, the primary advantage is that it is a 2-step authentication. It attempts to prove your identity using multiple steps. It offers a double layer of protection by attempting to correlate the authentication with things that only you would have or know. For example, your mobile phone is something which is almost inseparable from you. You would have it all the time or would know someone who has it all the time. People rarely share mobile phones or USB pen drives. Similarly, passwords and PINs are also rarely shared and rarely revealed to others. Sometimes even a spouse doesn’t know his or her partner’s PIN or password. This ensures that the person logging in to the system is most definitely the person who is supposed to log in.
Mobile phones, credit cards, USB dongles and even keys may be stolen and used by an unauthorized person. Voice and even fingerprint recognition devices have been shown in testing to be vulnerable to spoofing and impersonation. Mobile apps can fail if there is no internet or SMS service at the time of authentication. If your mobile phone is at the repair shop or is not working, you are stuck with choosing some other authentication method or just waiting it out.