What is two-factor authentication?
Two-factor authentication (2FA) is a second level verification process when accessing your account. The first level commonly is a simple combination of login+password and for the longest time that was the only method used by various websites and applications.
Over the past few years, people have become more and more aware of cyber security and various websites and services are now introducing multiple levels of identification to protect their customers.
The general idea is that the 1st level of verification is to simply confirm that the entered username exists by providing the password matching it. The 2nd level serves as identity verification – the person who entered the username and pw IS indeed the owner of the device / account and has the right to take any actions with it.
What types of 2fa exist?
The most commonly known and used methods are :
- SMS codes (receiving on your mobile phone)
- Applications auto-generating the codes (e.g. Google OTP)
- Pass-code cards or other similar forms of pre-approved code lists (used by the banks, for example)
How does 2fa work?
Every time you log in to your account you receive a new code, which is where the name came from – OTP (one-time passwords). Usually most websites offer an option between the two – either using SMS authentication or an app.
With SMS you must follow the instructions given and enter your existing phone number to receive SMS on it (often the same mobile number that was used upon registration is required). NOTE : some people try to use virtual numbers for registration and following 2fa but it is never a good idea (and we will explain in the next blog post why).
If you prefer using an app, something like Google OTP, the procedure is even easier – the first time you register and use the app follow the instructions to connect it with your account on the website. Once connected, every time you log in, the app will generate a random code that has to be entered.
If you have any questions on 2fa via SMS, feel free to contact SureM managers at firstname.lastname@example.org