What is Two-Factor or Multi-Factor Authentication?

Posted on Nov 24, 2018 by Summer Hirst

A colleague learns your password and BAM, your account is hacked.

Strong passwords are good. But they’re not good enough.

That’s why you need two-factor or multi-factor authentication. It’s an extra layer of security: a hacker needs your password AND another piece of information to gain access to your account. This makes their job difficult.

The second factor could be access to your phone, your fingerprint, facial recognition, or a secret question. There are also multi-factor authentication processes where you might be asked for more than two security factors.

Different factors in the multi-factor authentication process

The first factor is your password. The other factors could be any of these options:

  • Your phone: It might be an SMS on your phone or a code on an authenticator app. Either way, the hacker will need access to your phone for this.
  • Secret knowledge: It could be the answer to a secret question or a special number. The hacker will need this bit of information to break into your account.
  • Biometric patterns: It could be a fingerprint scan or facial recognition. There are also options for voice recognition or iris scans.

Generally speaking, SMS/phone authentication works better than a secret question because the hacker will need physical access to your device.

Authenticator apps

There are several apps that will help you with two-factor authentication. These apps generate a random passcode that expires after a certain duration. When a hacker tries to break into your account, they will also need access to the authenticator app on your phone.

And since the code on the app expires every 30 seconds or so, the hacker has only a small window of time in which to get access to your phone, copy the code, and break into your system. Since this is almost impossible, your account will stay safe.

Some such apps are Authy, FreeOTP, and LastPass. They can be installed on iOS as well as Android phones. You can tie the app in to the service you’re using and you’ll receive the 2FA passcode on the app.

Many websites provide 2FA with cookies and geolocation services. If someone accesses your account from another device or location, they will warn you about suspicious activity. Services such as Gmail and Facebook require you to have 2FA. Make sure you use multi-factor or two-factor authentication on the services you use to stay safe.