How does Two-Factor Authentication (2FA) work?

Eric Montgomery, IT Consulting

First, What is Two-Factor Authentication?

Two-factor authentication (2FA) is a subset of multi-factor authentication (MFA): a verification process that requires more than one proof of identity before granting access to an account. Combined with a traditional password, 2FA offers greater account security.

The concept of two-factor authentication is that a cybercriminal needs more than just your username and password to access your account. It is highly recommended that everyone use 2FA on all online accounts, computers, and mobile devices because passwords alone aren’t enough.

I’ve been helping clients, ranging from ages 50 to 95, for years. In my professional experience, most people use weak or recycled passwords across all of their accounts (financial, personal, health, social, utilities, and any other account that requires a password).  

The use of weak or recycled passwords is such a big problem that some 2FA systems don't require a password at all, relying instead on one of the other authentication factor categories.

There are three authentication factor categories that an authentication process can use to verify a person's identity:

  • Something you know: a secret such as a password or a one-time PIN (OTP).

  • Something you have: possession of something tangible, such as a mobile device with an authenticator app, a common access card (CAC), a security fob, or a hardware token.

  • Something you are: biometrics such as fingerprints, facial scans, and similar physical traits.

That extra layer of security means that even if a cybercriminal knows your password, they won’t be allowed access to your online account or mobile device.

How does Two-Factor Authentication Work?

Once you have entered your username and password, you will be required to provide proof of your identity through an additional verification method to prove that you (and not someone else) entered your password.

A few examples of how you can provide proof of your identity include:

  • Entering the one-time code shown by an authenticator app on your phone, such as Google Authenticator (available on both Android and iOS).

  • Plugging in a security token such as a YubiKey.

  • Enabling the device to scan your face, fingerprint, or another biometric factor.

How does 2FA protect you?

To authenticate successfully, you must provide all of the required factors within a specified amount of time; if you don't, the authentication attempt fails.

That means that even if your password is exposed in a data breach or stolen through phishing, an attacker still can't access your account without that other factor.
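To make the authenticator-app factor and its time window concrete, here is an added example (not code from the original article) of how a site verifies a login with a password plus a time-based one-time code of the kind Google Authenticator produces (RFC 6238 TOTP built on RFC 4226 HOTP). The secret and password below are constructed demo values; the secret is the RFC 6238 test-vector key, chosen so the codes can be checked against the RFC.

```python
import base64
import hashlib
import hmac
import struct

# Constructed demo values for one enrolled user. The base32 secret is what the
# QR code hands to the authenticator app at enrollment (RFC 6238 test key).
TOTP_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
# Demo only: a real system stores a salted, slow password hash (bcrypt/argon2).
PASSWORD_HASH = hashlib.sha256(b"constructed-demo-password").hexdigest()
STEP_SECONDS = 30   # time step used by Google Authenticator-style apps
DIGITS = 6


def hotp(secret_b32: str, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    key = base64.b32decode(secret_b32, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret_b32: str, now: float, step: int = STEP_SECONDS) -> str:
    """RFC 6238 TOTP: HOTP whose counter is the current 30-second time step."""
    return hotp(secret_b32, int(now) // step)


def verify_totp(secret_b32: str, code: str, now: float, window: int = 1) -> bool:
    """Accept the code for the current step or +/- `window` steps of clock drift.

    Outside that short window the code is rejected: this is the
    "within a specified amount of time" rule from the article.
    """
    counter = int(now) // STEP_SECONDS
    return any(hmac.compare_digest(hotp(secret_b32, counter + d), code)
               for d in range(-window, window + 1))


def login(password: str, code: str, now: float) -> bool:
    """Both factors must pass: something you know AND something you have."""
    candidate = hashlib.sha256(password.encode()).hexdigest()
    password_ok = hmac.compare_digest(candidate, PASSWORD_HASH)
    return password_ok and verify_totp(TOTP_SECRET_B32, code, now)
```

A stolen password alone fails `login` because the attacker cannot produce the current code without the enrolled secret.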