SMS or OTP based two-step authentication is very common these days. We all are very familiar with the concept. Whenever we try to transfer money via net banking, we receive an OTP that we need to enter to complete the transaction. This is a very common example of two-factor authentication or 2FA.
The solution adds up an additional security layer over a password. The sectors like banks, insurance, and finance companies are highly relying on the solution.
How is the solution different from normal authentication?
While traditional login requires only one set of credentials (username and password) to login any resource, the systems protected with two-factor authentication require an extra component. These two components are chosen from:
- Something you have ( mobile phone, email, ATM card etc)
- Something you know (answer to some a personal question)
- Something you are (fingerprints, voice etc.)
The combination of two different factors makes it difficult for hackers to get access. Now they have two walls to cross in order to get the complete access. They can steal your password (first factor) but having rights over the second factor is almost impossible. That is why the solution is safe.
But nothing is hundred percent safe, hackers are very smart and there are several ways through which they are getting success in hacking systems protected with 2FA. Some of the possible reasons of why 2FA is not secure are:
- Imagine a situation where you lost your mobile phone, the attackers may be able to get your 2FA password.
- It may be possible that users wrote down their 2FA passwords somewhere on a paper that gets stolen.
- Attackers can also use keystroke logging script in order to get access to 2FA passwords.
- Via VOIP based systems the OTO code can be copied.
The points mentioned above raise a very important question, how secure the solution is? Comment below your views on this in the box below.