{"id":15025,"date":"2016-04-26T11:16:07","date_gmt":"2016-04-26T11:16:07","guid":{"rendered":"https:\/\/www.whizlabs.com\/?p=15025"},"modified":"2020-08-31T12:20:45","modified_gmt":"2020-08-31T12:20:45","slug":"two-factor-authentication","status":"publish","type":"post","link":"https:\/\/www.whizlabs.com\/blog\/two-factor-authentication\/","title":{"rendered":"Two Factor Authentication"},"content":{"rendered":"<p style=\"text-align: justify\"><span lang=\"EN-US\">We have already read about \u2018authentication\u2019 and its role in security domains and software technologies. To define it once more, \u2018authentication\u2019 means specifying who you are in order to access protected resources. We will elaborate on this concept to discuss 2FA, or \u2018two factor authentication\u2019, in this blog post.<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Why_2FA\"><\/span><span lang=\"EN-US\">Why 2FA?<\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p style=\"text-align: justify\"><span lang=\"EN-US\">Before we see what is meant by 2FA, let us see the reasons behind implementing it.<\/span><\/p>\n<p style=\"text-align: justify\"><span lang=\"EN-US\">Data breaches are not new, but the magnitude of the breaches is growing each year. In 2014 alone, more than 1 billion personal records were accessed illegally. 
(zdnet.com) The \u2018Anthem\u2019 data breach and the IRS data breach are the most recent data breaches that affected thousands of customers in the US. The Amazon password breach and the VTech breach in 2015 have prompted consumers and organizations to step up their authentication processes.\u00a0(Amazon Forces Password Resets after Possible Security Breach)<\/span><\/p>\n<p style=\"text-align: justify\"><span lang=\"EN-US\">All these reasons and more necessitate the implementation of two factor authentication, which might reduce data breaches related to weak passwords.<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"What_is_2FA\"><\/span><span lang=\"EN-US\">What is 2FA?<\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p style=\"text-align: justify\"><span lang=\"EN-US\">2FA is omnipresent in our digital lives without us knowing it. \u2018Authentication\u2019 in its simplest form is implemented by the traditional \u2018username\u2019 and \u2018password\u2019 combination. Most of us have been told repeatedly to keep passwords complicated enough that they do not get hacked. But keeping track of combinations of upper and lower case letters, numbers and symbols for different websites stumps us more than the hackers! We ultimately forget the different usernames and passwords, which leaves us annoyed and frustrated.<\/span><\/p>\n<p style=\"text-align: justify\"><span lang=\"EN-US\">2FA, or \u2018two factor authentication\u2019, solves this problem by providing a second layer of security to authenticate the user. In addition to the username and password, we add a second layer of security in the form of SMS passcodes, hardware tokens or push notifications, depending on each individual\u2019s smartphone authentication app services. 
<\/span><\/p>\n<p><b><span lang=\"EN-US\"><a href=\"https:\/\/www.whizlabs.com\/wp-content\/uploads\/2016\/04\/two-factor.jpg\"><img decoding=\"async\" src=\"https:\/\/www.whizlabs.com\/wp-content\/uploads\/2016\/04\/two-factor.jpg\" alt=\"two-factor\" width=\"638\" height=\"399\" class=\"aligncenter size-full wp-image-15026\" \/><\/a><\/span><\/b><\/p>\n<h3><span class=\"ez-toc-section\" id=\"How_is_it_implemented\"><\/span><span><span lang=\"EN-US\">How is it implemented?<\/span><\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span lang=\"EN-US\">2FA is implemented by combining:<\/span><\/p>\n<ol>\n<li><span lang=\"EN-US\">\u201csomething you know\u201d (the \u2018username\u2019 and password combination)<\/span><\/li>\n<li><span lang=\"EN-US\">\u201csomething you have\u201d (for example, a smartphone that receives SMS passcodes). A smartphone fits the bill of \u201csomething you have\u201d since one has a smartphone at hand all the time.<\/span><\/li>\n<\/ol>\n<p><span lang=\"EN-US\">This second layer of authentication is in tune with the \u2018layered security\u2019 approach adopted by security professionals to bolster a personal or professional environment. In a \u2018layered security\u2019 approach, even if the first layer of security is compromised, the second layer is assumed to provide adequate defense, so that the resources are not compromised in any way.<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Types_of_2FA_authentication\"><\/span><span lang=\"EN-US\">Types of 2FA authentication:<\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span lang=\"EN-US\">\u201cHardware tokens\u201d, \u201cSMS notifications\u201d, \u201cPush notifications\u201d, \u201cPhone callbacks\u201d, \u201cMobile passcodes\u201d and \u201cwearable devices\u201d are a few of the different authentication types. 
Let us discuss a few of them below:<\/span><\/p>\n<p><span lang=\"EN-US\">Hardware tokens:<\/span><\/p>\n<p><span lang=\"EN-US\">\u201cTokens\u201d are generated on a device and then entered into the prompt. One of the disadvantages of this type of authentication is that the device used to generate the token must always be with the user. If the token-generating device is pressed multiple times, its tokens can get out of sync with the one that is needed to log in.<\/span><\/p>\n<p><a href=\"https:\/\/www.whizlabs.com\/wp-content\/uploads\/2016\/04\/hardware.jpg\"><img decoding=\"async\" src=\"https:\/\/www.whizlabs.com\/wp-content\/uploads\/2016\/04\/hardware.jpg\" alt=\"hardware\" width=\"570\" height=\"427\" class=\"aligncenter size-full wp-image-15027\" \/><\/a><\/p>\n<p><span lang=\"EN-US\">SMS passcodes:<\/span><\/p>\n<p><span lang=\"EN-US\">SMS passcodes are the most familiar form of 2FA implementation. A passcode is sent by SMS to the registered mobile device and is then used to authenticate the user.<\/span><\/p>\n<p><span lang=\"EN-US\">Phone callbacks:<\/span><\/p>\n<p><span lang=\"EN-US\">Phone callbacks are another familiar form of 2FA, in which the user receives a phone call. The user is then expected to answer the call and press any button to authenticate.<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Organizations_that_have_adopted_2FA\"><\/span><span lang=\"EN-US\">Organizations that have adopted 2FA:<\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span lang=\"EN-US\">Apple, Facebook, LinkedIn, Twitter and Google are examples of organizations that have implemented 2FA. 
For a complete list of organizations that have enabled 2FA or are in the process of implementing it, visit: \u2018https:\/\/twofactorauth.org\/\u2019.<\/span><\/p>\n<p><span lang=\"EN-US\">Two factor authentication technologies are growing in the hope of stopping the widespread data breaches. The human factor is the only thing that will make them truly successful!<\/span><\/p>\n<pre><span lang=\"EN-US\">Bibliography\n<\/span>(n.d.). Retrieved from zdnet.com: http:\/\/www.zdnet.com\/pictures\/biggest-hacks-security-data-breaches-2015\/\n<i><span lang=\"EN-US\">Amazon Forces Password Resets after Possible Security Breach<\/span><\/i><span lang=\"EN-US\">. (n.d.). Retrieved from Securityweek: http:\/\/www.securityweek.com\/amazon-forces-password-resets-after-possible-security-breach<\/span><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>We have already read about \u2018authentication\u2019 and its role in security domains and software technologies. To define it once more, \u2018authentication\u2019 means specifying who you are in order to access protected resources. We will elaborate on this concept to discuss 2FA, or \u2018two factor authentication\u2019, in this blog post. Why 2FA? Before we see what is meant by 2FA, let us see the reasons behind implementing it. Data breaches are not new, but the magnitude of the breaches is growing each year. In 2014 alone, more than 1 billion personal records were accessed illegally. 
(zdnet.com)The \u2018Anthem\u2019 data breach, the IRS data breach are the [&hellip;]<\/p>\n","protected":false},"author":13,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_uag_custom_page_level_css":"","site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[17],"tags":[44,1572],"class_list":["post-15025","post","type-post","status-publish","format-standard","hentry","category-news-updates","tag-2fa","tag-two-factor-authentication"],"uagb_featured_image_src":{"full":false,"thumbnail":false,"medium":false,"medium_large":false,"large":false,"1536x1536":false,"2048x2048":false,"profile_24":false,"profile_48":false,"profile_96":false,"profile_150":false,"profile_300":false,"tptn_thumbnail":false,"web-stories-poster-portrait":false,"web-stories-publisher-logo":false,"web-stories-thumbnail":false},"uagb_author_info":{"display_name":"Pavan Gumaste","author_link":"https:\/\/www.whizlabs.com\/blog\/author\/pavan\/"},"uagb_comment_info":7,"uagb_excerpt":"We have already read about \u2018authentication\u2019 and its 
role in security domains and software technologies. To define it once more, \u2018authentication\u2019 means specifying who you are in order to access protected resources. We will elaborate on this concept to discuss 2FA, or \u2018two factor authentication\u2019, in this blog post. Why 2FA? Before we see what is meant by 2FA,&hellip;","_links":{"self":[{"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/posts\/15025","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/comments?post=15025"}],"version-history":[{"count":1,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/posts\/15025\/revisions"}],"predecessor-version":[{"id":75862,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/posts\/15025\/revisions\/75862"}],"wp:attachment":[{"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/media?parent=15025"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/categories?post=15025"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/tags?post=15025"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}