What is two-factor authentication?

A strong password is essential to keep your online data safe. But with cyberattacks increasing, you also need two-factor authentication, which adds an extra layer of security to your online accounts.

At its annual developer's conference this year, American tech giant Apple introduced Passkey – a new sign-in technology.

Passkeys give people a way to sign in to apps and websites across platforms with no password required, and the technology promises to be more secure than passwords. Though a step in the right direction, it is unlikely to replace password-based authentication systems just yet. Password-based authentication systems, however, are rife with security concerns.

If you use only a password to authenticate, it leaves an insecure vector for attack. If the password is weak or has been exposed elsewhere, an attacker could use it to gain access.

Passwords are the least secure method of authentication when used on their own. Security increases if another form of authentication is added alongside the password: this is two-factor authentication.

Two-factor authentication is a process in which users are prompted during sign-in for additional identification besides the password. This additional identification could be a one-time PIN received on the phone via SMS, a biometric scan, a security key, a nearby trusted device, and so on.

The additional authentication adds a layer of security to the password-based sign-in process by enabling additional identity verification, such as scanning a fingerprint or entering a code received on the phone.

Two-factor authentication

One of the easiest ways to enable two-factor authentication is by linking the sign-in service with a phone number. This way, you would need to enter the password and additionally authenticate the sign-in by entering a code received on the phone number. For smartphone users, there are authenticator apps to approve sign-ins using push notifications, biometrics, or one-time passcodes.

For enterprises, there is a standard called FIDO2, issued by the Fast IDentity Online (FIDO) Alliance to promote open authentication standards and reduce the use of passwords as a form of authentication. A FIDO2 security key is typically a USB device, or in some cases a device with a Bluetooth or near-field communication chip, configured to hold the credential.

These devices, when connected to the system, enable passwordless authentication. With a hardware device handling the authentication, the security of an account is increased, as there is no password that could be exposed or guessed.
