Could 2 Factor Authentication really replace static passwords?

Usernames and passwords are part of everyday life in the modern business world, but in fact offer very little to the safety of online services. However, the increasing use of two-factor authentication means security need not be such a worry for organisations that want to make the most of online applications and services.


Two-factor authentication is made up of two or three different elements – something you have (a possession factor), something you know (a knowledge factor) and something you are (a personal factor). The possession factor, e.g. a card or one-use code, and knowledge factor, e.g. a password or PIN code, are the most commonly used elements involved in authentication, although the use of the inherence factor, e.g. using biometric data through fingerprint scanners, is becoming more common. This technology has come into use wider use through laptops and mobile phones, and although it is largely used just as a tool to unlock devices, it has the potential to be used anywhere user verification is required.

The most common type of two-factor authentication used in many online applications comes in the form one-use codes, with a unique code being generated by a token device or similar. Some organisations also use phone call confirmation or a downloadable smartphone application to authenticate an account.

One criticism that has emerged regarding two-factor authentication is that the user must always have the required possession on their person. Most of us now carry our mobile phones everywhere we go, meaning we always have verification option available. This is similar to the success of bank cards, as most of us have a wallet or purse full of cards with us throughout the day. Many banks also provide their customers with card readers, used for online banking in order to transfer money, make changes etc.

Fraud is a constant worry to internet users across the world – any website focused on financial transactions is a target for fraud, but when someone uses the same password across multiple platforms the chance of more than one of their accounts becoming a target increases – someone can easily hack your account on an internet forum and then gain access to your Amazon or Facebook accounts. Simply put, a combination of letters and numbers is not the safest option.

Fortunately, many popular organisations do now offer two-factor authentication, including Facebook, Microsoft, Amazon and PayPal. With some companies, two-factor authentication is an optional security feature, but with others it is an essential part of the account management process.

Two-factor authentication is a real competitor to the static password system so common across the web. If two-factor authentication was rolled out internet wide, users could easily ensure greater security across their accounts. By no means would users have to use multiple factors every day for every single login, but when making changes to their account or accessing financial or sensitive information, an added level of security would help put their minds at rest that they will not be taking a risk.


Leave a Reply

Your email address will not be published. Required fields are marked *