What is two-factor authentication?

November 20, 2020

Learn about two-factor authentication and how it can help you protect your online accounts and personal data



If you've been operating in the digital world for any length of time, you may very well have had the unfortunate experience of being hacked. Of course, we do our best to create strong passwords, but in the event that they fall into the wrong hands, there is nothing standing between your account and the hacker.

That's where the concept of two-factor authentication comes into play. Two-factor authentication has become a critical security feature in recent years and helps protect consumers from having their personal information compromised online. So, what is two-factor authentication, exactly? How does it help protect your online accounts from hackers and what do you need to do to set it up? Read on as we answer these questions and more!

What is two-factor authentication?


Two-factor authentication, which is commonly referred to as 2FA, is a type of multi-factor authentication. While the name may sound technical, the concept of 2FA is quite simple — it's a security feature that requires two types of information in order to gain access to a specific account or to complete a transaction.

For example, if you go to an ATM to get cash, you need to have not only your debit card but also the PIN for your debit card. If you have a safety deposit box at a bank, there are typically two keys required to gain access - one that you hold and one the bank holds. In both cases, this ensures that a criminal can't gain access with one key or piece of information alone. 

Therefore, 2FA is the digital equivalent of a PIN and debit card combination. Any service provider that enacts 2FA requires you to include an additional piece of information other than your password. By doing this, they add an extra level of security to your account.

Why is two-factor authentication important?


On the surface, two-step authentication may seem a little tedious and tiring. If you want to place a quick order from your favorite online store, it may be frustrating to have an extra layer of security added into the process. However, the more we use the internet and all its wonderful features, the more vigilant we must become when it comes to protecting our personal data. That's why many people find that the added layer of protection 2FA offers is well worth any minor inconvenience.

By requiring at least two pieces of information to be provided before giving you access to your account, multi-factor authentication makes it much more difficult for anyone other than you to gain access to it. It's a simple way to provide you with significant protection from hackers who could potentially steal your identity using the personal information stored in your account.

"But if I have a long, strong password, isn't that enough to protect my account from hackers?" you might ask. It's true - the longer your password is and the more characters you make use of, the harder it is for a hacker to figure out or guess (which is known as a "brute force" approach). However, hackers are resourceful, and they don't always need to use the brute force method. Sometimes, they can trick you into giving it to them yourself without you knowing.

For example, many phishing attacks can secretly install malicious software called "keyloggers" on your device, which can record your keystrokes and report back to the criminal. If you have a keylogger on your device, it doesn't matter how long or strong your password is.

Furthermore, phishing and smishing attacks often trick people into entering their account information into a fake version of a website. They may send you an email claiming to require "account action" and link you to a page that looks very much like your bank's website, but in fact is a trap designed to steal your password. 

In both of those examples, a strong password won't be enough. To be clear, you should still have strong passwords, but the point is that they aren't invulnerable. However, coupling a strong password with some form of two-factor authentication makes for a nearly impervious line of defense - even if a hacker has your password.

Fortunately, the rise of biometric technology combined with the increased reliance on mobile devices has made multi-factor authentication easier to use than ever before. Additional security measures, such as providing a thumbprint or a face scan, can give you a quick and easy way to implement 2FA.

What are the downsides to two-factor authentication?


It's important to keep in mind that the extensive benefits associated with two-factor authentication far outweigh the disadvantages. However, there are some downsides that you will want to keep in mind. For instance, if you lose access to your second piece of authentication, you could be locked out of your own account. And of course, it is not completely foolproof - nothing is. Even though it is incredibly unlikely, there is still the remote possibility that a hacker can bypass your 2FA.

Before implementing 2FA on a particular app or account, make sure to look into the account recovery process for the service in question. Some companies will allow you to go through a verification process to grant access in the event that you lose one of the pieces of your 2FA. Of course, this is usually a rather involved process that may require verifying your identity with official documents, but if it were easy, it probably wouldn't be as safe. 

It's also worth noting that there are still some services and companies that don't have an option for 2FA at the moment, or otherwise don't have a way to implement it using a third-party authenticator. While this isn't necessarily a defect with 2FA itself, it's important to consider which services offer this level of security before handing sensitive data to them.

Types of two-factor authentication


In addition to your customized password that should be lengthy and include a variety of characters, capitalized letters and numbers, there are several pieces of information that may be used in the multi-factor authentication process. These are the most common types of two-factor authentication:

Email confirmation. When this information is required for 2FA, a confirmation email is sent to your personal account. The email usually contains a PIN or passcode that only works for a short period of time. So, you would enter your password on the account login screen, and then go to your email inbox to retrieve the temporary code, which you then also type into the login screen. 

Text message confirmation. This is a particularly convenient form of two-step authentication, especially if you access most of your accounts using your phone. In most cases, you will receive a text message with a temporary PIN, code, or a link to verify your login attempt.

However, it's always important to take a moment to verify that the verification text message is coming from a legitimate source. There are a number of scams that send text messages with links, pretending to be some form of authentication. If you get an authentication text, and know that you didn't request one, it may be a phishing attempt (or someone trying to gain access to your account). For this reason, many security experts consider this form of 2FA to be the least secure. 

PIN. PINs are commonly used by banks and other financial institutions, because they have been proven to be a very secure form of authentication when combined with a physical card. Online, combining a PIN with a password can make it far more difficult for a hacker to gain access to your accounts. That having been said, the longer your PIN, the more secure it will be.

Biometric confirmation. Biometric confirmation is an innovative form of two-step verification that is becoming increasingly popular. This technology uses a person's biological features to confirm the transaction. This might include facial-recognition scans or thumbprint scans, both of which are available on the majority of new phones and devices. 

Hardware-based confirmation. Physical objects, such as specialized USB flash drives, can be used to add another layer of security to your accounts. Essentially, any time you attempt to log in to an account through a web browser, you would have to plug your USB "key" into your computer. The USB device can then communicate with the browser, essentially "responding" to the "challenge," verifying that you have the correct key.

Think of it like this: You try to access your account through your browser, and the browser shouts, "What's the password?!" Then, you plug your USB device into your computer and it responds, "Temporary-password-123!" (or whatever the randomly-generated password is at that time). However, without the USB device in place, the question goes unanswered, and access is denied. Of course, your computer isn't actually shouting - this all takes place behind the scenes in the code. 

Some companies produce their own hardware keys to help you protect that account, but you can also purchase a universal key, which works with a range of different accounts and services. Before you buy one of these keys, make sure to check which services and accounts it's able to protect. Although they are called universal keys, they don't always work with every single account. 
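The challenge-and-response exchange described above can be sketched in code. This is an added example, not something from the original article or any vendor's product: it assumes a simplified design in which the key and the server share a secret and use HMAC-SHA256, whereas FIDO-style security keys sign the challenge with a private key instead. The class names `HardwareKey` and `Server` are hypothetical.

```python
import hashlib
import hmac
import secrets

class HardwareKey:
    """Stand-in for the USB device: the secret never leaves this object."""
    def __init__(self, device_secret: bytes):
        self._secret = device_secret

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()

class Server:
    """Holds the secret enrolled for the account; issues single-use challenges."""
    def __init__(self, enrolled_secret: bytes):
        self._secret = enrolled_secret
        self._pending = set()

    def new_challenge(self) -> bytes:
        challenge = secrets.token_bytes(32)    # unpredictable, fresh per login
        self._pending.add(challenge)
        return challenge

    def verify(self, challenge: bytes, response: bytes) -> bool:
        if challenge not in self._pending:
            return False                       # unknown or already-used challenge
        self._pending.discard(challenge)       # one attempt per challenge
        expected = hmac.new(self._secret, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def demo():
    secret = secrets.token_bytes(32)           # constructed sample secret
    key, server = HardwareKey(secret), Server(secret)
    c1 = server.new_challenge()
    r1 = key.respond(c1)
    genuine = server.verify(c1, r1)            # right key, fresh challenge
    same_again = server.verify(c1, r1)         # challenge already consumed
    c2 = server.new_challenge()
    old_answer = server.verify(c2, r1)         # captured answer, new challenge
    c3 = server.new_challenge()
    other_key = HardwareKey(secrets.token_bytes(32))
    wrong_key = server.verify(c3, other_key.respond(c3))
    return genuine, same_again, old_answer, wrong_key

if __name__ == "__main__":
    print(demo())
```

Because every login gets a fresh random challenge, an answer recorded during one login is useless for the next one.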

Authentication app. Many popular companies now offer two-factor authentication for their own programs, but there are third-party apps available that can help you secure accounts that do not. Like the USB key, these apps can be configured to protect almost any program or account you own. Most of these apps use a method called Time-based One-time Password (TOTP) to generate random, single-use codes that are heavily encrypted. 

How to set up two-factor authentication


Fortunately, multi-factor authentication is becoming very common, so many of the apps and websites that you use on a regular basis likely already have 2FA in place. As an added benefit, most smartphones and mobile devices have biometric features built in, which makes it easy for you to use the two-step authentication features that are available.

However, if you want to make sure that you are using two-factor authentication no matter what, you can install some apps on your phone that will require 2FA for any transaction or login on your device. Some of the most popular 2FA apps include Google Authenticator and Authy 2-Factor Authentication.

Almost everything is more convenient online, but that convenience may come at a cost. When everything is connected through the internet, your personal data is often only protected by a thin veil of security. Two-factor authentication is a simple way for you to reinforce that barrier and ensure that your data, finances, and identity are protected. 



by Geoff Ullrich

About the Author

Geoff Ullrich is a writer and Content Marketing Specialist at Germania Insurance.