In the modern world of computer tech, when it comes to information and personal data protection the use of passwords only is no longer reliable. It’s no secret, that even complex combinations of words, digits and symbols used as passwords are vulnerable to hacks or can be stolen through phishing and social engineering. The rapid development of the Internet and its websites, social networks and online services is followed by the development of malicious ways of stealing data and its further use to gain benefits or harm its owner. This requires finding reciprocal methods of protection and new means of security for users and their personal data. One of those methods and the most effective today is two-factor authentication. So, what is two-factor authentication, what types of 2FA exist and what solutions are the most optimal for individuals and business?
What is 2FA?
Two-factor authentication or 2FA is a subset of multi-factor authentication that is based on confirming a user’s identity by using two independent factors. The first factor is normally a password or a PIN-code. It may be of different complexity and the person using it has to memorize it or save it in any available form. Generally, strong passwords are hard to remember and usually, people use simple combinations of words and numbers that are highly vulnerable to brute-force attacks. In the meantime, keeping passwords — even the strongest ones — in a form of a text document or an image has its own drawbacks connected with the risk of being stolen through physical access to the device, or through phishing and spyware. That is where the second factor comes in, requiring to present one of its varieties to confirm the identity.
Types of authentication factors
- Knowledge factor. It’s something the user knows: password, PIN-code, pattern.
- Possession factor. It’s something the user has: smartphone, token, hardware security key.
- Biometric factor. It’s some biological feature of the user: fingerprint, iris pattern, voice.
This, of course, is not an exhaustive list of authentication factors representations. Let us look more closely at the methods and devices used in 2FA.
Knowledge factor includes passwords, PIN-codes and patterns, but as the second level factor a secret question is used more commonly, and the answer to it must be known only to the user. This method is not considered to be secure, because the answer to the secret question may be known to hackers.
Pros: relatively simple, no additional hardware needed.
Cons: low reliability, vulnerability to hacks and social engineering methods.
The possession factor’s main condition is a physical possession of a specific device. With the development of mobile technologies, the most common method of two-factor authentication became one-time passwords being obtained from an SMS or an app on the user’s smartphone. Even though this method improves the protection from unauthorized access to accounts, in connection with the increase in the number of SIM-card cloning cases it’s considered no longer secure and not recommended for use.
The next possession factor is hardware security keys. Having a form of a keychain or a tiny module with the USB or NFC type of communications these keys are based on secure electronic devices performing cryptographic operations. Modern authentication keys are supported by the majority of popular applications and online services. With the help of advanced technologies, to date, they are the most secure and easy-to-use 2FA solutions.
Pros: secure, easy-to-use and affordable.
Cons: a hardware device is needed on every login, risk of losing keys.
The biometric factor relies on the biological features of a human. The most common usage have fingerprints, but it also can be user’s palm prints, iris pattern, voice or portrait. Devices used in biometrics are usually quite expensive and many methods are still in the development and are not widely implemented in daily life.
Pros: reliable, no additional hardware needed.
Cons: high price on biometric scanning devices.
Affordable two-factor authentication solutions
At this point, the most commonly used solutions in the field of enabling accounts protection are hardware security keys. Through their affordable price, reliability and simplicity of use these compact devices gain popularity not only among businesses but also among regular users. Many leading IT-enterprises have made use of security keys arbitrary for their employees, in order to improve internal security. Such giants of the IT industry as Microsoft, Apple, Google and Facebook strongly recommend their users to give up the single-factor authentication using passwords only. Following their lead enterprises and individual developers implement the availability of using 2FA hardware keys with their products. The vast majority of applications and online services support these devices, which makes possible using one security key with popular software, social networks, websites and OS.
Types of hardware security keys
The most common type of hardware keys is a small USB device, which form usually resembles flash drives. A tiny form factor is mostly used for semi-persistent connection or installation inside server chassis. Inside these devices is a secure chip performing cryptographic operations separately from the computer on which an account login procedure is initiated. Through this approach, it eliminates the probability of passing a secret cryptographic key between the sides of a connection, therefore improving the security of accounts. USB keys can support one or more cryptographic algorithms. Specific hardware solutions that support only one algorithm are usually used for a narrow range of software and devices and are not suitable for use with other products. Multiprotocol security keys support the majority of authentication standards, which allows using them with a wide range of applications and online services.
What 2FA security key to choose?
Hardware keys manufacturers usually have a few series among the proposed products, targeted at certain tasks and customers’ needs. For individuals, who are going to use security keys for personal purposes it may be useful to take a look at products with the vast support of cryptographic protocols because those keys have the best compatibility with various software and online services.
- For users who plan to protect popular services accounts like Google, Facebook, Twitter, Dropbox , GitHub and others there are U2F Security Keys, that work with hundreds of U2F enabled products. These solutions are available at an affordable price, are convenient and easy to deploy.
- When it comes to a physical connection of hardware keys to PCs and mobile devices through USB-A, USB-C or NFC, or leaving the key in a port, then the best solution will be the 5th generation YubiKeys. This series of USB keys is available in four form factors and includes an NFC-enabled option, for different tasks and connection types.
- For governmental agencies with high requirements to cryptographic standards, there is the FIPS 140-2 validated security keys series. Manufacturers of this USB security keys series ensured their products to be compliant with enterprise cryptography standards.
Of course, informational security primarily lies in the hands of the user. However, following certain rules and using available solutions for accounts protection it becomes possible to ensure a high level of data security. An important factor of IT security is the early adoption of the newest tools and solutions. Improving data protection should not be delayed. The timely deployment of an additional security factor may prevent negative consequences of data theft and damages related to it.
Keep yourself and your data safe!