Mobile two-factor authentication (2FA) is not a new concept. This process has been standard for several years in the banking industry. Now that technology has advanced, mobile two-factor authentication has moved forward as well, but is anything truly secure with mobile devices? Although nothing is foolproof, mobile two-factor authentication can be critical to maintaining cybersecurity.
What is two-factor authentication?
Two-factor authentication refers to systems that check your identity a second time. It’s an attempt to verify that you are who you say you are, particularly when accessing financial accounts and using credit cards. Typically, the user enters a password and then verifies their identity a second time by entering a code received via text message. Mobile two-factor authentication has proven to be valuable for uses beyond banking, and other industries have adopted the security measure as well, including social media platforms and email platforms. Hacking into social media or email accounts can disrupt business, and access to one password often grants access to other, more important systems.
There are three common authentication methods used in conjunction with passwords:
- Personal knowledge – This is usually a PIN or answer to a secret question: information that typically only the account holder knows. This is the least reliable method of 2FA, as hackers can quite easily obtain personal information.
- Physical device – This verifies identity based on something that the user possesses, such as a phone or USB dongle. The problem that arises with this method is that such possessions can be stolen, allowing hackers access to secure accounts. They may even be able to intercept text messages.
- Biological factor – Face and voice recognition are becoming more popular, along with fingerprints, signatures, and retina scans. Although these are some of the most secure authentication methods, they tend to be the most expensive to implement and are therefore often unavailable.
The benefits of two-factor authentication.
Two-factor authentication requires more than just a password to access your accounts, adding an extra layer of protection to your secured networks. There are concerns that mobile 2FA in itself poses a security risk, as text messages or calls are not secure. While still widely used, SMS is no longer a recommended format for two-factor authentication, as the National Institute of Standards and Technology (NIST) is recommending an alternative to SMS for security purposes. Luckily, authentication apps are becoming more popular, with the use of one-time passcodes that expire in seconds and vary constantly. Such apps make mobile 2FA much harder to track, and hackers must employ sophisticated methods for a breach to be successful. In most cases, hackers will move on to accounts that are easier to access.
So, does two-factor authentication improve security?
The short answer is yes, two-factor authentication does work when implemented properly – but like everything else, the security is in the implementation. Biometrics and physical authenticators (such as a USB dongle) are more secure than a text message or social media login to authenticate identity. But because nearly everyone carries a mobile device in today’s business world, employing two-factor authentication through mobile 2FA, apps, and other innovative security solutions easily accessible to most employees offers another security layer an organization can implement to reduce risk.