What is Two-factor Authentication (2FA)?

Wed 16 Aug 2023
Home 9 Knowledge Base 9 What is Two-factor Authentication (2FA)?

What is Two-Factor Authentication? Or 2nd-factor authentication (2FA)?

Two-factor authentication (2FA) is an extra layer of security used when logging into websites or apps. With 2FA, you have to log in with your username and password and provide another form of authentication that only you know or have access to.

The second form of authentication is a code that’s generated by an application on your mobile device or sent as a text message (SMS). After you enable 2FA, FEITIAN generates an authentication code any time someone attempts to sign into your account on ftsafe.us. The only way someone can sign into your account is if they know both your password and have access to the authentication code on your phone.

How does it work?

Authentication typically works with a few factors:

  • Something You Know: Password, Security Questions, PINs
  • Something You Have: Things In The Users’ Possession, E.G., Smartphones, Hardware Tokens
  • Something You Are: Usually Biometric Factors (Fingerprint, Iris, Face ID, Etc)

Multi-Factor Authentication

Multi-factor authentication means that whatever application or service you’re logging in to is double-checking that the request is really coming from you and not a hacker, by confirming the login with you through a separate venue, or factor.

MFA is essential to digital security because it immediately neutralizes the risks associated with compromised passwords. More than 2/3rds of people continue to use the same passwords across multiple accounts. If a password is hacked, guessed, or even phished, that’s no longer enough to give an intruder access: without approval at the second factor, a password alone is useless.

Authentication typically works with a few factors:

  • Something You Know: Password, Security Questions, PINs
  • Something You Have: Things In The Users’ Possession, E.G., Smartphones, Hardware Tokens
  • Something You Are: Usually Biometric Factors (Fingerprint, Iris, Face ID, Etc)

Best Practices for keeping your account secure

  • Use a password manager, such as Google password manager, 1Password or LastPass
  • Generate a unique password for your ftsafe.us account
  • Enable two-factor authentication for your account
  • Never share your password

Add a security key for 2FA

After you configure 2FA using a mobile app or via text message, you can add a security key, like a fingerprint reader or Windows Hello. The technology that enables authentication with a security key is called WebAuthn. WebAuthn is the successor to U2F and works in all modern browsers. For more information, see “WebAuthn” and “Can I Use.”

We strongly recommend you to enable 2FA for the safety of your account, not only on ftsafe.us, but on all other websites and apps that support 2FA. If other services and apps you use do not support 2FA, consider not using it or replacing it with another service that does support 2FA.

Configuring two-factor authentication using a security key

After you configure 2FA using a mobile app or via text message, you can add a security key, like a fingerprint reader or Windows Hello. The technology that enables authentication with a security key is called WebAuthn. WebAuthn is the successor to U2F and works in all modern browsers. For more information, see “WebAuthn” and “Can I Use.”

On most devices and browsers, you can use a physical security key over USB or NFC. Some browsers can use the fingerprint reader, facial recognition, or password/PIN on your device as a security key.

Authentication with a security key is secondary to authentication with a TOTP application or a text message. If you lose your security key, you’ll still be able to use your phone’s code to sign in.

What are the Different Types of MFA?

Phone callbacks

Phone callbacks are one of the less popular versions of 2FA, but they’re an effective — if time-consuming — way to implement a second factor. In a phone callback setup, once a user logs in, they receive an automated phone call that prompts them to approve or deny the access request.

SMS based OTP

Usually consist of a short string of numbers sent to a smartphone. Passcodes definitely count as 2FA. Since they rely on phone lines, however — which can be compromised — they represent the least secure method. Passcodes aren’t a real hit with users, either: each code must be manually entered, which can be a nuisance.

One Time Passcode (OTP) Tokens

Many web security teams opt to arm their users with tokens. These typically are small keychain fobs that generate codes for users to enter as their second factor. Tokens are more secure than cellular-delivered passcodes, as they don’t rely on phone lines, but they don’t address the annoyance of entering codes. Tokens are attractive because they are affordable and don’t require system administrators to collect phone numbers — but they’re battery-operated, and batteries die. Using tokens will mean dealing with the headache of timing replacements to avoid users losing access to crucial systems.

Authenticator Apps

Authenticator apps are exactly what they sound like: smartphone apps that handle the second-factor approval process as standard notifications. Authenticator apps require internet connectivity to deliver login approval requests, which is more secure than using phone lines.

Universal Second-Factor (U2F) devices

They’re small physical devices used exclusively to verify logins. Most commonly this covers FIDO security keys and smart card (CAC/PIV) technologies that built on Public Key Infrastructure (PKI). They typically requires to be connected via USB, NFC, Bluetooth, or dedicated reader devices. When a user enters their password on a computer with a U2F device plugged in, they’re prompted to tap the physical U2F device to gain access. U2F devices are popular because they’re so easy to use — a simple tap and you’re done. Recently, as FIDO technology measures, more and more providers implements a seamless passwordpress experience by combining FIDO2+biometric using something like FEITIAN’s Biopass series

It is worth noting that U2F technologies such as security key is proven to be the best-in-class MFA methods when it comes to combatting account takeover incidents, according to this research by Google.

Related Posts

FIDO U2F Setup Guide for Online Services and Applications

This PDF provides a guide for end-users to enable Two-factor authentication for specific ...

Programming NFC OTP Tokens and Cards on Windows OS

FEITIAN's NFC OTP Token can be programmed to work as offline replacement for the mobile ...
Achieving FedRAMP Compliance with FEITIAN Technologies

Achieving FedRAMP Compliance with FEITIAN Technologies

The Federal Risk and Authorization Management Program, or FedRAMP, is a government-wide ...
Enterprise Security

Stay in the know

Join our community of security-conscious individuals and organizations who prioritize safeguarding their sensitive data. Stay informed about the latest advancements in cyber-physical technology and discover how FEITIAN can empower you to take control of your digital security.

"*" indicates required fields

Full Name*