Despite the security industry's many efforts to educate people about the weaknesses of password authentication, awareness is still not where it should be. According to a data breach report by Verizon, a weak, default or stolen password was the reason behind 63% of confirmed data breaches last year. It has also been observed that 73% of online accounts are guarded by duplicated passwords.
Having a duplicate password is as bad as having no password at all. It can create a “domino effect” that enables hackers to take down multiple accounts just by cracking a single password. So it’s obvious that a more secure method is needed to protect your online identities. Around 68% of people want their service providers to offer an extra layer of security beyond passwords. Luckily, two factor authentication can help companies satisfy their consumers’ need for security.
Two-factor authentication is certainly an effective supplement to passwords. 2FA simply refers to the addition of an extra layer of protection that requires users to enter something specific. It can be either something they know or something they have. Two factor authentication is widely used behind the big corporate walls, but in the public sector it is not that popular.
There are primarily four forms of two factor authentication solution, each with its own strengths and weaknesses. Here is a quick overview, let’s see!
SMS verification is the most popular form of 2FA. It uses a cellphone as a secondary method of authentication. When a user logs into their account, an SMS containing a verification code is sent to their phone number. All the user needs to do is enter this verification code on the login screen to authenticate themselves, and voila!
Pros : The biggest advantage of this method is its simplicity, as everyone today has a cellphone and the whole process takes only a few seconds.
Cons : The problem with SMS verification is that if you don’t have a signal, you can’t get a text. Device theft is also a risk. If the victim has stored their passwords in plain text on the device, the thief then has both factors in hand.
Authenticator Apps !
An authenticator app is responsible for creating a unique code to be used as a secondary password each time a user logs in. Google Authenticator is the best known app in this niche and works with many host applications, but there are certainly many more.
Pros : Compatible with multiple host applications and doesn’t depend on cellular phone networks.
Cons : Just like SMS verification, these authenticator apps are also at risk of data theft.
Physical Authentication !
This is the most secure form of security. In this method, you need a physical token that either plugs into a USB port or generates a unique code to be entered into the login screen.
Con : Hardware can be costly. If you lose it, you are out of luck.
Fingerprint scans, retina scans and voice recognition are some examples of biometric verification, which does not rely on what you have but on what you are.
Con : Hackers can fool fingerprint scanners with impressions made in compounds.
Technology is surely improving, but it is a bit early for this to go mainstream. Implementing any of the above methods is good for you, since they save you from the biggest data breaches.