Before looking at what Two Factor Authentication (commonly called 2FA) is, how it works, and what its benefits are, we need to understand authentication.
To access an application or software or data, it is always advised to have some form of authentication.
Think of the place where this data is held as your home, and authentication as the key to enter your home.
That place can be a database, access files, variable files, or any link to the data in the store or application.
Case Study: Authentication for Google Account
The example of a Google Account will help you understand authentication much better.
A Google account can be used to send and receive emails, browse videos on YouTube, identify locations on Google Maps, and browse and download the latest apps in the Play Store, along with a host of other things.
All of this uses a single email address, which means that having authentication to access the Google Account is of the utmost importance.
If an intruder gets into your account, you can imagine the havoc it can wreak on your personal identity across the web.
The same applies to the various applications that are linked to your Google Account.
With the introduction to the case above, you will have realized how important it is to have a safe and robust password (one that follows all the guidelines for a password that cannot be guessed easily).
For now, your password is the only key that you have to access your Google account.
This is the primary authentication factor. If, along with this, you add another authentication method, such as a randomly generated OTP (One-Time Password) that Google sends to your mobile phone or alternate email ID,
that is Two Factor Authentication, or 2FA.
Why is it important to have two-factor authentication (2FA)?
No longer can you trust your password to keep you safe. Even if you have a different password for each website you use, malware on your computer (or even on the website itself!) can easily scrape your password and use it again.
Or, if someone sees you type in your password, they can remember it and log in as you.
Think it will never happen to you? Using methods like “credential stuffing,” “password spraying,” or brute-force attacks, hackers can easily break into a lot of online accounts and take them over.
That is always the case. Even tech giants like Cisco and Apple’s iCloud service can be hacked.
The list includes cell networks, retail giants, grocery delivery services, and music streaming sites.
These automated log-in attacks can’t get into accounts that have two-factor authentication.
You are also safe from phishing emails when you use two-factor authentication.
Two-factor authentication can protect you even if someone sends you a malicious email that tries to trick you into giving your account username and password to a fake site.
Only the real site will send you a two-factor code that works.
How 2FA helps protect your data and privacy
Two-factor authentication is becoming more important as companies, governments, and the general public realise that passwords alone aren’t enough to keep user accounts safe in today’s technological world.
In fact, the average cost of a data breach each year is now more than $2 trillion.
Even though 2FA protects against many threats, the most common ones are:
1. Stolen Passwords
Anyone who gets their hands on a password can use it. If a user writes down their password on a pad of paper, for example, that password can be stolen and used to get into an account.
2FA, on the other hand, verifies the user with a second device after they enter a password.
2. Phishing Attempts
Hackers often send emails with links to harmful websites that are meant to infect a user’s computer or get them to give up their passwords.
Once a password is found, it can be used by whoever does the hacking. After a password has been entered, 2FA adds a second layer of verification to stop phishing.
3. Brute-force Attacks
In a brute-force attack, a hacker generates passwords for a certain computer at random until they find the right one.
The second layer of security in 2FA means that a login attempt must be verified before access is given.
4. Social Engineering
Most of the time, hackers just trick people into giving up their passwords. By pretending to be an IT worker at the user’s company, they can gain the user’s trust before they ask for their login information.
2FA stops this from happening by checking the location and IP address of every login attempt after a password is entered.
5. Key Logging
Hackers can use malware to copy a user’s password as they type it, even if they haven’t written it down.
Hackers watch what you type and save the password so they can use it later.
With 2FA, the second layer of verification lets a user confirm that they are the one trying to log in, even if their password has been stolen.
Two Factor Authentication Vs. Multi Factor Authentication
Apart from Two Factor Authentication, there are other authentication mechanisms.
MFA (Multi Factor Authentication) is an authentication method that requires the user to provide two or more verification factors to gain access to any application, piece of data, or data pipeline.
Having multiple authentication factors reduces the likelihood of a cyber attack via that medium.
Most Multi Factor Authentication methods are based on three types of information:
- Your knowledge – Like the password or PIN
- Your inherence – Biometric, Voice recognition, Optical recognition
- Your possession – Smartphone, Swipe cards
We have now referenced MFA (Multi Factor Authentication) and 2FA (Two Factor Authentication).
How do we differentiate between them?
The underlying point is that 2FA (Two Factor Authentication) is a subset of MFA (Multi Factor Authentication) – where the latter may use more than two methods to authenticate a user or access.
Let’s look at another example: this time you are at an Apple store to buy an iPhone, iPad, or MacBook.
When you want to sign in to a new device for the first time, you’ll need to provide two pieces of information – your password and the six-digit verification code that’s automatically displayed on your trusted devices or sent to your phone number.
With the increase in the number of cyber attacks and leakage of personal data, your password alone is not enough to access your account.
2FA (Two Factor Authentication) greatly improves the security of your Apple ID and the personal information that you store within the Apple Cloud (iCloud).
Consider a case where you have lost your iPhone, iPad or MacBook: the chances of a data leak are high when these gadgets fall into the wrong hands.
There are two ways to use the mobile as an authenticator:
- Having an authenticator application installed that generates random numbers to match with the first step of authentication.
- Using the TAC code that comes with the mobile.
What is TAC (Type Allocation Code)?
TAC stands for Type Allocation Code, an eight-digit code that uniquely recognizes a cellular device’s hardware.
It is issued by GSMA and formed by the first eight digits of the IMEI number of the device.
Now when we pair up our regular password authentication mechanism with the TAC, the data access will be unique.
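The IMEI layout described above can be checked in code. The following is an added example, not part of the original article: it splits a 15-digit IMEI into its TAC, serial number and Luhn check digit and rejects malformed values. The function names and the two IMEIs are constructed for illustration; because a TAC is allocated per device type, both constructed IMEIs share it and differ only in serial number and check digit.

```python
from typing import NamedTuple


class Imei(NamedTuple):
    tac: str      # Type Allocation Code: first eight digits
    serial: str   # six-digit serial number within that device type
    check: str    # Luhn check digit


def luhn_check_digit(body: str) -> int:
    """Return the check digit for a 14-digit IMEI body (TAC + serial)."""
    total = 0
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:                      # rightmost body digit is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return (10 - total % 10) % 10


def make_imei(tac: str, serial: str) -> str:
    """Build a constructed IMEI from a TAC and serial (sample data only)."""
    body = tac + serial
    return body + str(luhn_check_digit(body))


def parse_imei(imei: str) -> Imei:
    """Split a 15-digit IMEI; raise ValueError if it is malformed."""
    digits = imei.replace("-", "").replace(" ", "")
    if len(digits) != 15 or not (digits.isascii() and digits.isdigit()):
        raise ValueError("IMEI must be 15 decimal digits")
    body, check = digits[:14], digits[14]
    if luhn_check_digit(body) != int(check):
        raise ValueError("IMEI check digit mismatch")
    return Imei(tac=body[:8], serial=body[8:], check=check)


if __name__ == "__main__":
    # Constructed sample values: same TAC, different serial numbers.
    for serial in ("000001", "000002"):
        print(parse_imei(make_imei("12345678", serial)))
```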
Having gone through so many details above, we need to understand that two factor authentication (2FA) is the best method to protect ourselves from automated log-in attacks.
Some of the two factor authentication methods, in order of their popularity, are:
- Text message code
- An Authenticator App – Like Google Authenticator
- Physical security key – RSA token authenticators that generate random combinations of pass keys
Conclusion: Implementation of Two Factor Authentication by Exabytes
To enhance security and protect customers’ data and privacy, Exabytes fully implemented Two-Factor Authentication (2FA) Time Based Tokens on its cPanel and billing system login starting 1st October 2022.
Using Time-based Tokens, Exabytes customers are required to input a 6-digit number in addition to their standard login and password.
Only your token device (usually a mobile app on your smartphone) will have access to your account’s secret key and be able to generate one-time passwords.