We often hear about the two-factor authentication and many times a user does not have the slightest perception of what it is. In fact, it happens that smartphone users believe that it is simply a method of data protection which consists of entering two passwords. In reality this is not the case. In fact, the second "password" that we type or enter is not actually a password. So the first question we're going to solve is: what is two-factor authentication? Secondly we will see if it really is effective and if safer methods exist at the moment.
What is two-factor (and three-factor) authentication? And how does it work on the smartphone? Is it really safer? All the answers to the questions
Two-factor authentication, also called F2A, is a security system adopted mainly on smartphones but not only. At the time of writing it is, in fact, the safest system we have to protect our data. We talk about more or less sensitive data such as bank accounts, e-mails or simply name and surname. When we create an account (for example Gmail) we use a password to log in: that is one-factor authentication. However, we do not think that the two-factor one consists of two passwords. In fact, the second is not a password generated by us, as we said in the introduction.
Why is it called that?
It's called two-factor authentication because, as the name suggests, we will have to insert two factors (or more). But what are these factors? The first is one Password that we will initially choose; the second is instead a generated code by the institution / portal / site within which we must enter.
How does it work?
After seeing what it is and why it is called that, let's get to the heart of the matter: how does two-factor authentication work? Let's take an example. Let's take the bank's OTG key: when we access the Inbank account via smartphone we will be asked for one Password (first factor) and a OTG code (second factor). As you can imagine, this second code is "armored" in a certain sense since it is not generated by us.
Not being generated by us, it is difficult, if not impossible, for it to be stolen by malicious people. Not even a properly trained hacker should do it. These two or three factors are generated in a different way: the first, as mentioned, is at our choice; the second could be a biometric data (fingerprint or face recognition), rather than a SMS received from the provider for which we request the service or even a confirmation email.
Now let's move on to three-factor authentication. Similarly, they are required three factors. For example, in the case of the SPID to access the services of the Public Administration you can choose two or three factor authentication. In the first case, an SMS is used which will send a unique confirmation code; in the second case, in addition to password + SMS, a third PIN code.
Is it possible to activate it on all smartphones?
No, it is not possible to activate two-factor authentication on a smartphone to do “anything”. It is in fact a service that only providers give. However, according to what was revealed in these hours by Google, we are coming to a system whereby all users will have to adapt to this new method. Therefore, users may soon find that when they log into their Google account, they are required to enter special codes from their smartphone. However, this "forced" increase in security can be reversed at any time reconfiguring the account so that it uses regular passwords.
Bottom line: is two-factor authentication useful and secure?
Doubtless this type of authentication is the most secure we have. Much more secure than biometric or facial recognition authentication. These two methods are "easily" bypassed if a prepared attacker intends to steal our data.
Read also: Android 12 will focus on privacy: full support for WireGuard VPN
