Two-factor authentication (also called double authentication or two-factor identification) is an increasingly common method of securing logins. When it was first introduced, this type of authentication was used primarily to secure financial transactions. Today it is implemented in many areas.
This article defines two-factor authentication and describes how it usually works.
What is two-factor authentication (2FA)?
Two-factor authentication (2FA) is a widely used security protocol, deployed on many websites and web applications. Its principle is as follows: the user's identity is validated in 2 successive stages, each relying on a different factor.
For example, the application asks the user to enter a password and then provide a fingerprint, or to enter a password and then a code received by SMS. The first case is biometric verification, which is now generally preferred over SMS verification, which is less secure.
The main advantage of two-factor authentication is that it uses a hardware means to verify the identity of the user trying to log in, whether that is a phone number, a fingerprint or even a secret question about the user. In short, the strength of two-factor authentication lies in combining 2 verification modes so that the factors complement each other.
How does 2FA work?
Two-factor authentication always follows the same protocol. For example, for an online banking service, 2-step authentication works as follows: first, the user enters a username and password. The user then receives a code by SMS, which must be entered in the interface. Two factors are therefore used to validate the user's identity: the password on the one hand and the telephone number on the other.
Usually, the second stage of identification is time-limited. In this case, the code sent by SMS is valid for only a few minutes. This helps ensure that the person trying to log in is the same person whose telephone number is linked to the account.
The second validation step can consist of:
- Sending a unique code by SMS.
- Sending a temporarily usable code by any other means (TOTP, Time-based One-Time Password).
- Pairing with another device, usually a mobile phone.
- Voice, facial or fingerprint recognition.
- The use of a cryptographic key.
To sum up, there are 3 main types of two-factor authentication.
The first, authentication by biometric verification, relies on a bodily factor, that is, an unchanging characteristic of the person trying to access a personal online space. The bodily factors are facial recognition, fingerprint verification, and iris scanning. These technologies are frequently built into the most recent mobile devices.
The second is hardware verification. It adds a device separate from the one through which the user is trying to access the service, in order to reach a higher level of security. The following factors can be used for two-factor authentication with hardware verification:
- E-mail: a unique code is sent to the user, on the assumption that the user is the only one with access to the mailbox associated with the account.
- SMS, assuming, again, that the user is the only one with access to the messages.
- Pairing with a specific device (a protocol similar to sending an SMS or an e-mail, but tied to a single device).
- The use of a unique security key.
Finally, application verification is increasingly used in two-factor authentication protocols. It consists of using an external authentication application, which can also work offline, to validate the information entered during the very first step of identification.