Two Factor Authentication – What's it all about?
6 November

Two-Factor Authentication - What is it?

Two-Factor Authentication (2FA) is the use of a second layer of security to make sure that people requesting access to an online account really are who they claim to be. First, a user will enter their email/phone no/username and a password. Instead of immediately gaining access, the user will be required to prove their identity by confirming another piece of information. This second authentication could come from one of the following categories:-

  • Additional Information This could be a personal identification number (PIN), an account phrase, answers to “secret questions” or a specific keystroke pattern
  • DEVICE Typically, linked to something in your possession, this could be a smartphone with an app like google authenticator generating time based codes, sms codes or push notifications sent to confirm identity or a small hardware token (like banks used to send out)
  • BIOMETRIC This is often linked to face ID, finger print biometric pattern of a fingerprint, an iris scan, or a voice print

With 2FA, a potential compromise of just one of these factors won’t unlock the account. So, even if your password is stolen or your phone is lost, the chances of a someone else having your second-factor information is highly unlikely. Looking at it from another angle, if a consumer uses 2FA correctly, websites and apps can be more confident of the user’s identity, and unlock the account.

Why is 2FA important?

We now do everything through a device connected to the internet. Most of our software is now cloud-based, which means an email address and password to gain access to accounts and systems. Whether that's your bank, software that runs your business or even your social media accounts.

As with the physical world, there are gains and money to be made through criminality online.

These bad actors are primarily looking for access to your accounts. This is considerably easier than trying to find flaws and exploits in a million of lines of code, looking for a backdoor, when they can just get someone to give them a username and password.

It goes without saying consumers and businesses can be left reeling from their accounts being breached and are often not aware until it is too late, if they don't have the right protection.

To give an idea of the scale of this problem in 2017 a dump of usernames and passwords was made available on the dark web totaling 1.7 Billion entries. This was 5 years ago and these practices have not slowed down. As more and more people utilise apps for every part of their lives, opportunities for criminals only increase.

Take a look at the 3 most common ways people become victims online.

  • Phishing: Phishing involves various methods of obtaining sensitive information. This could be passwords, pin numbers or account details, or card details. Phishing usually comes in the form of an authentic-looking email or message and asks you to enter details on a link or reply to that email with the information requested. Even the most seasoned of tech users can be caught out by phishing, as the methods to create authentic-looking messages become ever more sophisticated.
  • Poor Passwords: It is increasingly difficult to keep track of our accounts and passwords, and that's exactly what the criminals are banking on. Due to the many accounts we have, users tend to use the same password accross most, if not all of their accounts. The most common passwords are QWERTY, 11111, 123456 and password
  • Password recycling: is one of the biggest factors. Using the same passwords for multiple sites can mean that if just one of your accounts is breached, or your password is leaked through a hack, the rest of your accounts can now be breached.

As we use internet-connected devices and software more and more, people become comfortable and simply don't think it will happen to them. Usernames and your passwords are the access to many of our livelihoods.

Great News! TillTech have added extra protection to your account

To help keep your account safe, Till Tech have turned on two-factor authentication. This means you'll now use a unique one-time passcode generated from Google Authenticator on your mobile phone, as well as your password, to log in. This added security helps prevent unauthorised access to your account.

How two-factor authentication works

Once you enter your email address and password to log in to your account, you'll need to use Google Authenticator to generate your access code for authentication.

With TillTech all of the above and more is yours out of the box in one easy to use yet extremely powerful platform.

Come and have a chat if you want to get into more detail, we love talking about this stuff! Click here to start the conversation