Two-factor (dual-factor) authentication is a security process in which the user provides two means of identification drawn from separate categories of credentials: one is usually a physical token, such as a card, and the other is stored information, for example a security code.
These two factors represent something possessed and something known. A credit card is a good example of two-factor authentication: the card itself is the physical element, while the secret code (or PIN) is the knowledge associated with it. Combining these two elements makes it harder for an unauthorized person to access a bank account, since they must have both the physical element (the card) and the secret code.
This type of authentication reduces the incidence of online fraud, such as identity theft and phishing, because the victim’s password alone is not enough to access the information.
What is an authentication factor?
An authentication factor is a category of credentials used to verify an identity. The three most common categories are usually described as: something you know (the knowledge factor), something you have (the possession factor) and something you are (the inherence factor).
For more demanding security systems, location and time are sometimes added as fourth and fifth factors.
Single-factor authentication relies on a single category of credentials. The most common method is to enter a username and password (something you know). The security of this method depends partly on the vigilance of the user, who is expected to follow good practices such as choosing strong passwords and avoiding automatic logins or logins via social networks.
For any system or network containing sensitive data, it is recommended that more factors be used. Multifactor authentication requires at least two credentials to ensure better transaction security.
One-factor authentication vs. dual-factor authentication
Although an identifier (ID) and a password are two distinct elements, they fall under single-factor authentication because they belong to the same category (knowledge). A biometric verification method used on its own is likewise single-factor authentication. It is only because of their low cost, ease of implementation and widespread use that passwords remain today’s most common form of authentication.
However, the ID/password combination is not the most secure method. Challenge/response questions can enhance security, depending on how they are applied.
Authentication using a password, even a robust one, has the disadvantage of relying on the memory and vigilance of the user. In addition, passwords must be protected against a multitude of internal threats, such as forgotten sticky notes, an old hard drive, or social engineering attacks. They are also subject to external threats, such as brute-force, dictionary, or rainbow-table attacks. Given enough time and resources, an attacker can easily break a password-only security system. Two-factor authentication is designed to provide additional security against this.
Is dual factor authentication safe?
This type of authentication improves security, but it is not a panacea. For example, a physical token may be compromised by an attack on its provider, as happened in 2011 to RSA Security and its SecurID tokens.
The process for recovering forgotten passwords is another weak link in this technique. When a user who has forgotten their password requests a new one, a temporary password is sent by email, which bypasses the second factor entirely. That is what happened to the Cloudflare president, whose professional Gmail address had been hacked.
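As an added example (not code from the original article), the following Python sketch shows a two-factor login in which the second factor is a TOTP code from an authenticator app, alongside the password-reset weakness described above and a hardened reset flow that still demands the second factor. The account, its password, the TOTP secret and the emailed reset tokens are all constructed values.

```python
import hashlib
import hmac
import struct

# Constructed demo account: salted PBKDF2 password hash ("something you know")
# plus a TOTP secret standing in for an enrolled authenticator ("something you have").
_SALT = b"demo-salt"  # constructed; a real system stores a random per-user salt


def hash_password(pw: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), _SALT, 100_000)


ACCOUNT = {"pw_hash": hash_password("correct horse"),
           "totp_secret": b"12345678901234567890"}  # RFC 6238 test-vector secret


def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1: the same code the user's device computes."""
    counter = struct.pack(">Q", now // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def login(account: dict, password: str, code: str, now: int) -> bool:
    """Both factors must pass: the known secret and the possessed device's code."""
    pw_ok = hmac.compare_digest(hash_password(password), account["pw_hash"])
    code_ok = hmac.compare_digest(code, totp(account["totp_secret"], now))
    return pw_ok and code_ok


def reset_weak(account: dict, email_token: str, issued: set, new_password: str) -> bool:
    """Weak flow from the text: control of the mailbox alone sets a new password,
    so whoever reads the email gets in without ever presenting the second factor."""
    if email_token not in issued:
        return False
    account["pw_hash"] = hash_password(new_password)
    return True


def reset_hardened(account: dict, email_token: str, issued: set,
                   new_password: str, code: str, now: int) -> bool:
    """Hardened flow: the emailed token proves mailbox control, but the password
    only changes once the second factor is presented too; the token is single-use."""
    if email_token not in issued:
        return False
    if not hmac.compare_digest(code, totp(account["totp_secret"], now)):
        return False
    issued.discard(email_token)
    account["pw_hash"] = hash_password(new_password)
    return True
```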