Two-factor authentication is now standard for logging in to many online platforms. But what exactly does it mean, and how does the process work?
Sensitive information such as personal data must be protected on the Internet so that it cannot be misused by hackers. Usernames and passwords serve this purpose: users log in with them to online banking or to their user accounts on Amazon, Ebay, etc. Many online providers also increase security with what is known as two-factor authentication (2FA for short). This is an additional identification step that the online provider requires on top of the username and password. Identifying yourself with the usual login data alone is therefore not sufficient. Instead, as the name suggests, 2FA triggers a second query at login.
Two-factor authentication for more security
This does not mean that users have to enter a second password. That would increase the effort involved in managing passwords rather than the level of security. Instead, users have to identify themselves in a different way.
There are several ways to do this. If the user has entered the login data on a smartphone, the online provider could ask them to confirm the login via the phone's fingerprint sensor.
Authentication via TAN or app
However, this verification is often carried out using a separate device. For example, when users log on to their PC, the online provider sends an access code to their cell phone, which the user enters in the second step.
In online banking, a transaction number (TAN) is often used for this. Alternatively, the user confirms the login in an app belonging to the online provider. Authentication can also be done using a chip card that is inserted into a reader on the PC.
Hackers have a hard time with 2FA
The advantage of two-factor authentication across two different devices: it is not enough for a hacker to steal the username and the associated password, because when they are entered, the user's smartphone, for example, would ask for confirmation, which the user naturally rejects.
In addition to the password and username, a hacker would also have to get hold of the mobile phone, and with it the phone's own access data. If authentication is done via fingerprint, the hacker would need even more from the user. This also makes two-factor authentication significantly more secure than other methods. However, if you lose the main device for 2FA, you have to react quickly. You can usually transfer the old number and everything that goes with it to a new smartphone easily via the provider.