There are three basic factors that can be used for authentication:

  1. Something you know (Maybe a password, secret, or PIN)
  2. Something you have (Your mobile phone or another device such as a key or fob)
  3. Something you are (Biometrics such as a retina or fingerprint)

A classic username and password authentication system uses only one factor because both pieces of data are “something you know” (and generally a username is public information anyway, so it doesn’t affect security).

Two factor authentication uses any two of these different factors. The most common, and generally the simplest, is a combination of something you know (a password) and something you have (your mobile phone).

What are the Benefits of Two Factor Authentication?

Two factor authentication should not take the place of a high quality, unique password; instead it should augment it. Two factor authentication works much like a safety deposit box at a bank. You have a key, but you also need to show identification. You can’t get into the box without both.

Similarly, I see passwords compromised all the time by a virus on the user’s local system happily sending credentials off to its owner or creator. The fact is, whether your password is discovered through brute force, social engineering, or another type of hack or compromise, two factor can keep the offender out of your account because with two factor a password just isn’t enough. They only have the thing you know, not the thing you have. And if you lose your phone? Well, then they have the thing you had, but they still need the thing you know. You can even reset your two factor authentication in order to invalidate any keys generated by the lost or stolen device.

So, What are the Downsides of Two Factor Authentication?

Let’s get right to it. There are really three things required for two factor authentication above and beyond what is required for standard username/password authentication. The first two, setting up a two factor app on your device and adding an account to that app, only have to be done once. After that all you need to do is enter a six digit code generated by the app each time you log in.