As the Internet has evolved and grown over the last three decades so have cybersecurity methods, albeit not quite at the same pace. One method of access control that is gaining more popularity lately is Two-factor Authentication (2FA). 2FA allows a computer system, through a combination of two different components, to confirm the claimed identity of a user requesting access. These components can include something you have (possession), something you know (knowledge), and something you are (inheritance). For example, to log into my Google account I need my username and password (something I know) as well as a 6-digit security code that is sent via SMS to my cellular phone (something I have). While 2FA does not offer one hundred percent protection (no method does), it adds another layer of complexity and security to access control in attempt to thwart cyber attackers.
The top-rated authorization app Authy, available for both mobile and desktop devices, addresses the inherent weaknesses of methods such as 2FA via SMS by employing a Time-based one-time pasccode (TOTP) algorithm. Essentially, the Authy server is synced with the Authy client on a user’s device. Upon initializing the client on their device, an ephemeral 6-digit passcode is generated that expires after twenty seconds. When the user enters one of these passcodes, it is compared against a range of valid passcodes that were generated on Authy’s servers when you initialized the client on your device. If the passcodes match, the user’s identity is confirmed and access is authorized.
Based on the increasing sophistication of cyberattack methods and the explosion in the number of connected devices, there needs to be an evolution in multi-factor authentication. With innovation in technologies such as machine vision, artificial intelligence machine learning biometrics are going to become a staple component in 2FA and multi-factor authentication (MFA). Let’s face it; facial scans, retinal scans, and fingerprints are much harder to spoof than old school passcodes. You can check out Authy at the links below to see if it is a solution that works for you.
To Learn More: