Word of the Day: two-factor authentication (2FA)

Word of the Day Daily updates on the latest technology terms | November 26, 2018 two-factor authentication (2FA) Two-factor authentication (2FA), sometimes referred to as two-step verification or dual factor authentication, is a security process in which the user must provide two authentication factors to verify identity. Standard authentication factors include something the user knows (password), something the user has (token), a physical characteristic of the user (inherence), the user's physical location (place) or the time a transaction takes place (event). Technically, 2FA is a form of multifactor authentication and is in use any time two authentication factors are required to gain access to a system or service. It is important to note, however, that using two factors from the same authentication category doesn't constitute 2FA. For example, requiring a password and a shared secret is still considered single-factor authentication because passwords and shared secrets are both knowledge factors. Smartphones also offer a variety of possibilities for 2FA, including fingerprint recognition, facial recognition, iris scanning, voice recognition, GPS location and Short Message Service (SMS). Although SMS-based 2FA is inexpensive, user-friendly and easy to implement, it is vulnerable to numerous interception attacks. Increasingly, mobile authenticator apps are replacing server-driven verification personal identification numbers (PINs) formerly sent through text, voice call or email. Apple iOS, Google Android, Windows 10 and BlackBerry OS 10 all have apps that support 2FA, allowing the phone itself to serve as the physical device to satisfy the possession factor. Duo Security, based in Ann Arbor, Mich., and purchased by Cisco in 2018 for $2.35 billion, is a 2FA platform vendor whose product enables customers to use their trusted devices for 2FA. Duo's platform first establishes that a user is trusted before verifying that their mobile device can also be trusted for authenticating the user. Quote of the Day "Multifactor authentication or 2FA options are cheaper and easier to integrate than ever before and their cost certainly outweighs the potential costs of data and identity theft, financial and reputation damage, and potential lawsuits." - Michael Cobb Trending Terms authentication factor single-factor authentication security token multifactor authentication out-of-band authentication three-factor authentication Learning Center How were attackers able to bypass 2FA in a Reddit breach? Reddit was quite open after it experienced a breach by attackers who bypassed 2FA. Learn how attackers were able to bypass controls to cause the Reddit breach and how other sites can prevent this kind of attack with Judith Myerson. How can U2F authentication end phishing attacks? Google implemented U2F authentication and physical security keys to defend against phishing attacks. Learn why Google chose U2F over OTP and whether or not it's an effective method. Enterprises should reconsider SMS-based 2FA use after breach Reddit recently revealed a data breach that was caused by threat actors intercepting SMS-based 2FA codes. Discover what this means for users and why enterprises should re-evaluate their use of SMS for authentication. Reddit breach sparks debate over SMS 2FA A Reddit breach was discovered to be due to an attacker compromising the SMS two-factor authentication used by employees, sparking a debate over using that 2FA method. Risk & Repeat: Inside the Facebook 2FA fail This Risk & Repeat podcast examines the Facebook 2FA controversy where the company admitted to using mobile numbers for advertising purposes and what that means for Facebook's reputation and 2FA adoption in general. Quiz Yourself The credit union website uses two-factor authentication to protect _____ members. a. their b. its Answer Stay in Touch For feedback about any of our definitions or to suggest a new definition, please contact me at: mrouse@techtarget.com Visit the Word of the Day Archives and catch up on what you've missed! FOLLOW US About This E-Newsletter This e-newsletter is published by the TechTarget network. To unsubscribe from Whatis.com, click here. Please note, this will not affect any other subscriptions you have signed up for. TechTarget, Whatis, 275 Grove Street, Newton, MA 02466. Contact: webmaster@techtarget.com Copyright 2018 TechTarget. All rights reserved.