2FA, MFA, Tokens and Codes


Having multiple forms of authentication can help to keep your accounts safe. This extra layer of security, in addition to having a strong password, is an essential option. Should a miscreant successfully get your password, it would be difficult for them to gain access to your accounts without access to the other forms of identification. There are 4 types of authentication factors used in multi-factor authentication:

  • Something you know.
  • Something you have.
  • Something you are.
  • Somewhere you are. Your physical location can sometimes be used as an authentication factor because the user may need to be in a certain location in order to access the app or account.

Common methods for these verifications are:

  • Text message – A code is sent to the user’s phone via SMS when logging into an account with their credentials. This is a convenient method used by many, but it is also the least secure, because a cyber crook who knows the user’s phone number can intercept the SMS in a SIM swapping attack.
  • E-mail token – A user will log in with their credentials and then a code is sent to their email. This method can also be susceptible to interception if the criminal has access to the user’s email.
  • Hardware token – This is a physical token that either plugs into your device or transfers the key by tapping. It is a very secure method because the thief would have to have possession of the physical key to intercept.
  • Security questions – When using this method, make sure your answers to the questions are confidential and cannot be easily guessed or found on social media. Giving a fake answer to the question helps to secure this method.
  • Time-based One-Time Password (TOTP) – This code is only valid for a short period of time. Most times this is provided through the use of an authenticator app. This is a secure form of authentication as the criminal would have to have access to the device on which the code is generated.
  • Biometrics – Authentication is provided via fingerprint, iris or facial scans.
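
To show why a TOTP code is only valid for a short period of time, here is an added example (not part of the original article) that generates and checks codes the way RFC 6238 describes, assuming the common defaults of HMAC-SHA1, a 30-second step and 6 digits. The function names are hypothetical, and the secret is the published RFC test key, used here only as sample data.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds each code stays valid (assumed default)
DIGITS = 6   # code length shown by most authenticator apps

# Sample secret: base32 of the RFC 6238 test key "12345678901234567890".
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32: str, unix_time: int) -> str:
    """Derive the code for the time step that contains unix_time."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = unix_time // STEP
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32, submitted, unix_time, drift_steps=1, last_used=None):
    """Return the matching time-step counter, or None if the code is rejected.

    drift_steps tolerates small clock differences between phone and server.
    last_used is the counter of the last accepted code; codes from that step
    or earlier are refused so an observed code cannot be replayed.
    """
    current = unix_time // STEP
    first = max(0, current - drift_steps)
    for counter in range(first, current + drift_steps + 1):
        if last_used is not None and counter <= last_used:
            continue
        expected = totp(secret_b32, counter * STEP)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected.encode(), str(submitted).encode()):
            return counter
    return None


if __name__ == "__main__":
    code = totp(SAMPLE_SECRET, 59)
    print("code at t=59:", code)
    print("accepted at t=59:", verify(SAMPLE_SECRET, code, 59))
    print("accepted at t=149:", verify(SAMPLE_SECRET, code, 149))
    print("replayed at t=59:", verify(SAMPLE_SECRET, code, 59, last_used=1))
```
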

Whatever additional authentication factor you choose, it provides an additional roadblock to keep unauthorized crooks out of your business. Enable additional authentication to protect your accounts.