Ungeek: What is 2FA?

If you consider yourself a geek or not, the chances are you have delt with Two Factor Authentication (2FA) when you have logged into certain websites or mobile apps...

For example when accessing your bank; but you might not fully know what 2FA means. Also, in the real world, you will have already been dealing with 2FA without even knowing about it. Here is a brief explanation…

Firstly, what is a factor of authentication? In the world of technology there are 3 ways a computer can identify you; these are:

  • Something you know
  • Something you have
  • Something you are

On the web, classically the most basic example of an authentication was a password that is linked to your username. This is an example of Single-Factor Authentication (SFA), however, for things that require a higher level of security and validation, this was not considered enough.

Websites initially would try and overcome with by using additional passcodes or pieces of information your needed to enter (e.g. your mother’s maiden name), however these additional steps are using the same factor; something you know. Therefore, Multi-Factor Authentication (MFA) is considered the best method of identification validation, with at least 2 factors (2FA) being viewed as the best midway point between security and convenience.

This is why, for example, logging into your bank via your phone’s mobile app is often easier than via their website. Their app will use unique identifying factors from your device (MAC address, serial number …etc) to be one factor (Something you have), then use the entered password to create that Multi-Factor validation (Something you know). Alternatively, instead of entering a password, you might use your finger or your face to access your baking app. In this case, the second factor would be Something you are.

When it comes to accessing you bank via a website, you might need to enter a sent text code, or have a dongle that generates random passwords; both methods create the same multi-factor authentication, by adding the ‘Something you have’ factor.

2FA can be perceived to be barrier, however the improvement in security is worth it, and digital solutions using 2FA is not them trying to be more secure than then real world; instead, it is trying to catch up to the real world.

After all, when you use an ATM you put in your card (Something you have) and enter a PIN code (Something you know). Only requiring the card without a PIN or only the PIN without the card to access your money would seem very insecure.

An even more basic example would be needing sign for something (Something you know), needing a utility bill being used to prove your address, which is technically both Something you have & Something you are. 2FA has been around for much longer than you think.

Therefore websites and mobile apps are not trying to unnecessarily secure… they are only trying to be as secure as the non-digital world. It also shows that most people have been happily using Multi-Factor authentication for many years, it’s just we didn’t even realise.

Anton McCoy
Head of Technology