{"id":26015,"date":"2023-05-29T07:36:21","date_gmt":"2023-05-29T11:36:21","guid":{"rendered":"https:\/\/www.kaspersky.co.uk\/blog\/what-is-two-factor-authentication\/26015\/"},"modified":"2023-05-30T12:58:21","modified_gmt":"2023-05-30T11:58:21","slug":"what-is-two-factor-authentication","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.uk\/blog\/what-is-two-factor-authentication\/26015\/","title":{"rendered":"What is multi-factor authentication?"},"content":{"rendered":"<p>Anyone who has an account on any social network or online service is bound to have come across two-factor authentication (2FA) before. It also goes by the name two-step authentication or two-step verification, but the concept\u2019s the same.<\/p>\n<p>But have you ever wondered what it exactly is, how it works and \u2013 most importantly \u2013 why it\u2019s needed? If so, you\u2019ve come to the right place. We\u2019ll try to answer these questions and more in this post.\n<\/p>\n<h2>What is two-factor authentication?<\/h2>\n<p>\nWe\u2019ll begin with a simple definition. When several methods are used simultaneously to validate access rights \u2014 that is, for <a href=\"https:\/\/www.kaspersky.com\/blog\/identification-authentication-authorization-difference\/37143\/\" target=\"_blank\" rel=\"noopener nofollow\">authentication<\/a> \u2014 it\u2019s known as <strong>multi-factor authentication<\/strong>.<\/p>\n<p>Most often digital services use <strong>two-factor authentication<\/strong>. There\u2019s nothing wrong with using more factors, but the number is usually limited to two so as not to overly irritate users.<\/p>\n<p>In other words, 2FA provides the optimal balance between account protection and convenient login. But what \u201cfactors\u201d can be used to confirm the user\u2019s authentication rights? Here are the most popular options:\n<\/p>\n<ul>\n<li>\n<strong>Knowledge<\/strong>. Authentication is granted if you have the correct password, passphrase, numeric code, graphic pattern, answer to a secret question, etc.<\/li>\n<li>\n<strong>Possession<\/strong>. If you have a certain item (for example, a key, USB token, phone, bank card), this is validation of your access rights. This also includes having access to a phone number or some other account (say, an email), which can be demonstrated, for example, by getting a one-time code.<\/li>\n<li>\n<strong>Inherent property<\/strong>. It\u2019s often possible to authenticate with some inherent, unique property of the actual user: a fingerprint, voice, face, DNA, iris pattern, characteristic typing style on keyboard, etc.<\/li>\n<li>\n<strong>Geolocation<\/strong>. Here, authentication is based on the user being in a certain place; for example, if logging in to corporate resources \u2014 inside the company\u2019s office.<\/li>\n<\/ul>\n<p>\nNote that for multi-factor authentication to work, the methods used to validate the user\u2019s rights <em>must be different<\/em>. So, if a service asks the user to enter two passwords instead of one (or, say, a password and the answer to a secret question), this cannot be considered 2FA, since the same method of validation (knowledge) is used twice.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kpm-download\">\n<h2>Why do you need two-factor authentication?<\/h2>\n<p>\nMulti-factor authentication is recommended since, individually, each validation method has its own weaknesses. For example, knowledge of some information could be a reliable method \u2014 but only if this information is known to the user alone and could in no way somehow be obtained from any other source. But that\u2019s hardly ever the case: the user has to type in a password that\u2019s then transmitted over the internet. Also, they probably <a href=\"https:\/\/www.kaspersky.co.uk\/password-manager?icid=gb_kdailyplacehold_acq_ona_smm__onl_b2c_kasperskydaily_wpplaceholder____kpm___\" target=\"_blank\" rel=\"noopener\">store<\/a> it somewhere since no one can remember all passwords for all accounts. This provides many opportunities for interception and theft.<\/p>\n<p>What\u2019s more, the password is bound to be stored on the side of the online service, from where it could one day leak. And if you use the same password for multiple services (unfortunately, many people still do), then all these accounts are at risk of being hacked.<\/p>\n<p>The same goes for other validation methods. The possession factor isn\u2019t ideal, because your item (key, phone, bank card) might get stolen. Geolocation by itself confirms nothing: there are sure to be many other folks at roughly the same point in time and space as you (unless you happen to be drifting on an ice floe in the middle of the Arctic Ocean).<\/p>\n<p>Perhaps only an inherent property factor can be considered more or less reliable, which is why it\u2019s sometimes used as the sole authentication factor. But there are <a href=\"https:\/\/www.kaspersky.com\/blog\/biometric-atms\/13259\/\" target=\"_blank\" rel=\"noopener nofollow\">a fair number of nuances<\/a> too.<\/p>\n<p>Hence the concept of multi-factor authentication: the greater the number of different factors, the more likely it is that a person who\u2019s trying to get access to the account actually has the right to do so.<\/p>\n<div id=\"attachment_48291\" style=\"width: 1338px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2023\/05\/29123928\/Two_factor_authentication_EN.jpg\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-48291\" class=\"size-full wp-image-48291\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2023\/05\/29123928\/Two_factor_authentication_EN.jpg\" alt=\"How multi-factor authentication works\" width=\"1328\" height=\"998\"><\/a><p id=\"caption-attachment-48291\" class=\"wp-caption-text\">Using more factors helps ensure your account will be accessed by you and you alone<\/p><\/div>\n<p>So, two-factor authentication is a good idea for a simple reason: to let the service know that you are you, and to make your account harder to hack.\n<\/p>\n<h2>How to use two-factor authentication<\/h2>\n<p>\nWe\u2019ll look at the various kinds of 2FA in a separate post; in the meantime, we\u2019ll end this one with a few tips:\n<\/p>\n<ul>\n<li>Be sure to enable two-factor authentication for all services that offer it.<\/li>\n<li>Where possible, select <a href=\"https:\/\/www.kaspersky.com\/blog\/authenticator-apps-compatibility\/47063\/\" target=\"_blank\" rel=\"noopener nofollow\">one-time codes from an authenticator app<\/a> as the 2FA method. And for really valuable accounts, use a <a href=\"https:\/\/www.yubico.com\/resources\/glossary\/fido-u2f\/\" target=\"_blank\" rel=\"nofollow noopener\">FIDO U2F<\/a> hardware key.<\/li>\n<li>If the above options aren\u2019t available, any other method will still be far better than having no second factor at all.<\/li>\n<li>Remember that 2FA doesn\u2019t guard against high-quality phishing (with the exception of FIDO U2F keys), so each time before entering a code, make sure you\u2019re on the real website \u2014 not a fake one.<\/li>\n<li>Use a reliable security solution with built-in anti-phishing protection, such as <a href=\"https:\/\/www.kaspersky.co.uk\/premium?icid=gb_bb2022-kdplacehd_acq_ona_smm__onl_b2c_kdaily_lnk_sm-team___kprem___\" target=\"_blank\" rel=\"noopener\">Kaspersky Premium<\/a>.<\/li>\n<\/ul>\n<p>\nAs for creating strong passwords and storing them securely, we recommend <a href=\"https:\/\/www.kaspersky.co.uk\/password-manager?icid=gb_kdailyplacehold_acq_ona_smm__onl_b2c_kasperskydaily_wpplaceholder____kpm___\" target=\"_blank\" rel=\"noopener\">Kaspersky Password Manager<\/a> \u2014 the full version of which comes with a <a href=\"https:\/\/www.kaspersky.co.uk\/premium?icid=gb_bb2022-kdplacehd_acq_ona_smm__onl_b2c_kdaily_lnk_sm-team___kprem___\" target=\"_blank\" rel=\"noopener\">Kaspersky Premium<\/a> subscription. Incidentally, our password manager has <a href=\"https:\/\/www.kaspersky.com\/blog\/make-your-passwords-stronger-with-kaspersky-password-manager\/40269\/\" target=\"_blank\" rel=\"noopener nofollow\">several other useful features<\/a> that will help protect your accounts from hacking.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"premium-generic\">\n","protected":false},"excerpt":{"rendered":"<p>What multi-factor authentication is, why you should use it, and what \u201cfactors\u201d there are.<\/p>\n","protected":false},"author":2726,"featured_media":26018,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[9],"tags":[1111,359,2372,1126,46,54],"class_list":{"0":"post-26015","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-tips","8":"tag-2fa","9":"tag-authentication","10":"tag-authenticators","11":"tag-biometrics","12":"tag-sms","13":"tag-text-messages"},"hreflang":[{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/what-is-two-factor-authentication\/26015\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/what-is-two-factor-authentication\/25716\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/what-is-two-factor-authentication\/21136\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/what-is-two-factor-authentication\/10707\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/what-is-two-factor-authentication\/28409\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/what-is-two-factor-authentication\/26390\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/what-is-two-factor-authentication\/28875\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/what-is-two-factor-authentication\/27798\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/what-is-two-factor-authentication\/35429\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/what-is-two-factor-authentication\/11564\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/what-is-two-factor-authentication\/48289\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/what-is-two-factor-authentication\/20672\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/what-is-two-factor-authentication\/21355\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/what-is-two-factor-authentication\/30208\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/what-is-two-factor-authentication\/34036\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/what-is-two-factor-authentication\/26326\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/what-is-two-factor-authentication\/32026\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/what-is-two-factor-authentication\/31710\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.uk\/blog\/tag\/2fa\/","name":"2FA"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/26015","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/users\/2726"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=26015"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/26015\/revisions"}],"predecessor-version":[{"id":26021,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/26015\/revisions\/26021"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/media\/26018"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=26015"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=26015"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=26015"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}