Know and understand two-factor authentication including its purpose and function


IGCSE ICT 0417 - Safety and Security - Two-Factor Authentication

Two-Factor Authentication (2FA)

Two-factor authentication (2FA) is an extra layer of security used to protect your online accounts. It requires more than just your password to verify your identity when you log in. This significantly reduces the risk of unauthorized access, even if someone knows your password.

Purpose of Two-Factor Authentication

The primary purpose of 2FA is to make an account much harder to break into than a password alone allows. A password on its own can be stolen through phishing, leaked in a data breach, or guessed by a brute-force attack; with 2FA, a stolen password is not enough on its own, because the attacker must also defeat the second factor.

How Two-Factor Authentication Works

2FA works by requiring two 'factors' of authentication taken from two different categories. There are three categories:

  • Something you know: This is usually your password.
  • Something you have: This is a physical device you possess, such as a smartphone, security key, or hardware token.
  • Something you are: This involves biometric data, like a fingerprint scan or facial recognition.

Most 2FA implementations combine 'something you know' (your password) with 'something you have' (a code generated by an app on your phone, or sent to your phone by SMS). Two items from the same category, such as a password and a PIN, do not count as two-factor authentication, because both can be stolen in the same way.

Common 2FA Methods

Here are some of the most common methods used for 2FA:

  1. Authenticator Apps: These apps (e.g., Google Authenticator, Microsoft Authenticator, Authy) generate time-sensitive, one-time passwords (TOTP). You enter the code generated by the app in addition to your password.
  2. SMS Codes: A code is sent to your mobile phone via SMS. You enter this code along with your password. (Note: SMS is generally considered less secure than authenticator apps due to potential interception).
  3. Security Keys: These are small physical devices (e.g., YubiKey) that connect to your computer or phone by USB or NFC. When you log in, you plug in or tap the key and touch it to confirm that a person is present. The key proves its identity to the website using cryptography, so it cannot be tricked into working for a fake site.
  4. Biometric Authentication: Using fingerprints, facial recognition, or other biometric data to verify your identity.

Example of 2FA in Action

Imagine you have an email account protected by 2FA. When you try to log in, you'll first enter your password. Then, the email provider will ask you for a second factor, such as a code from your authenticator app or a code sent to your phone. Only if you provide both pieces of information will you be granted access.
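The login described above can be shown in working code. The following is an added example, not part of the original notes: a small server-side model that checks both factors, the password (something you know) and a time-based one-time password (something you have) computed as in the RFC 6238 standard used by authenticator apps. The `Account` class, the password hashing choice and the example password are assumptions made for the illustration; the shared secret is the published RFC 6238 test secret, used here as a constructed demo value rather than a real account secret.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time

# Constructed demo secret: the RFC 4226 / RFC 6238 test secret
# "12345678901234567890" in the base32 form an authenticator app would import.
DEMO_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def generate_secret() -> str:
    """Create a new random 160-bit shared secret, base32-encoded for the app."""
    return base64.b32encode(secrets.token_bytes(20)).decode("ascii")


def hotp(secret_b32: str, counter: int, digits: int = 6) -> str:
    """RFC 4226 one-time password for one counter value (HMAC-SHA1 + truncation)."""
    key = base64.b32decode(secret_b32.upper())
    msg = struct.pack(">Q", counter)               # 8-byte big-endian counter
    digest = hmac.new(key, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                     # dynamic truncation offset
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret_b32: str, timestamp=None, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP where the counter is the number of 30-second steps since 1970."""
    if timestamp is None:
        timestamp = int(time.time())
    return hotp(secret_b32, timestamp // step, digits)


class Account:
    """Hypothetical server-side record holding both factors for one user."""

    def __init__(self, password: str, totp_secret_b32: str):
        self.salt = secrets.token_bytes(16)
        self.password_hash = self._hash(password, self.salt)   # factor 1: know
        self.totp_secret = totp_secret_b32                       # factor 2: have
        self.last_counter = -1   # highest time step already accepted (replay protection)

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def check_password(self, password: str) -> bool:
        # Constant-time comparison so timing does not leak how many bytes matched.
        return hmac.compare_digest(self.password_hash, self._hash(password, self.salt))

    def check_totp(self, code: str, now: int, window: int = 1, step: int = 30) -> bool:
        """Accept the code for the current step or one step either side (clock drift),
        but never a step that has already been used, so a captured code cannot be replayed."""
        counter = now // step
        for c in range(counter - window, counter + window + 1):
            if c <= self.last_counter:
                continue
            if hmac.compare_digest(hotp(self.totp_secret, c), code):
                self.last_counter = c
                return True
        return False

    def login(self, password: str, code: str, now=None) -> bool:
        """Both factors must pass. A wrong password stops the check before the
        one-time code is consumed, so a guessed code is not burned by a failed attempt."""
        if now is None:
            now = int(time.time())
        if not self.check_password(password):
            return False
        return self.check_totp(code, now)


if __name__ == "__main__":
    acct = Account("correct horse battery staple", DEMO_SECRET_B32)
    t = 59  # RFC 6238 test time: step 1, expected 6-digit code 287082
    print("password + code:", acct.login("correct horse battery staple", totp(DEMO_SECRET_B32, t), t))
    print("same code again:", acct.login("correct horse battery staple", totp(DEMO_SECRET_B32, t), t))
```

Run it with a fixed timestamp, as the `__main__` block does, to see the first login succeed and the replay of the same code fail. In a real deployment the secret is shown to the user once as a QR code during enrolment, the server stores it encrypted, and recovery codes or a second method are registered so that a lost phone does not lock the user out.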

Table summarizing 2FA methods

Method | Description | Security level | Pros | Cons
Authenticator app (TOTP) | Generates time-based one-time passwords from a secret shared with the website. | High | Convenient; works offline; not affected by SIM swapping. | Requires a smartphone; a code can still be phished if the user types it into a fake site.
SMS codes | Sends one-time codes to your mobile phone. | Medium | Widely supported; no app needed. | Vulnerable to SMS interception and SIM swapping.
Security key (e.g., YubiKey) | Physical device (USB or NFC) that requires a physical touch and proves itself to the site using cryptography. | Very high | Resistant to phishing, because the key only answers for the genuine site. | Requires a physical device; can be lost, so a backup method is needed.
Biometric authentication | Uses fingerprints, facial recognition, etc. | High | Convenient; nothing to remember or carry. | Can be spoofed; cannot be changed if compromised; privacy concerns.

Figure: Suggested diagram: A diagram showing a login screen with fields for username/password and a separate field for a 2FA code (e.g., from an authenticator app or SMS). The diagram should visually represent the two-step process.