How Two-Factor Authentication is Changing the Password Security Game


According to SearchSecurity, two-factor authentication is a security process in which users provide two different authentication factors to verify themselves. This authentication method adds a second layer of security to login methods and protects users’ credentials.

 

Google released its first version of a two-factor authentication system, Google Authenticator, in September of 2010. This system was released in the form of an app for Android and iOS and provided users with a rotation of six-digit codes. It wasn’t until 2011 that Google turned on optional two-factor authentication for all accounts.

 

Two-Factor Authentication as a Supplement to a Strong Password

A Verizon data breach report found that 80% of data breaches can be eliminated by the use of two-factor authentication. This sharp decrease in cybercrime can be attributed to two-factor authentication’s requirement for users to identify themselves in two different ways.

Although this dual-factor login method is more secure than single-factor, it is still important to use it alongside a strong password to keep your data secure. If misunderstood, this login method can lull users into a false sense of security, resulting in weaker and more hackable passwords.

 

Types of Two-Factor Authentication

Authenticator Application

Authenticator apps locally generate codes at a given frequency using a technology called Time-Based One-Time Password (TOTP). TOTP is a temporary and secure password generated by an algorithm.

Soft Token Authentication

A soft token is a portable device that uses software to generate single-use login passcodes and PINs. Software tokens are duplicable and can be stored on all kinds of portable devices, including desktops, laptops, and mobile phones.

Hard Token Authentication

Hard tokens are physical pieces of hardware that can resemble keys or fobs. There are many versions of these, among them connected and disconnected tokens. Connected tokens require a physical connection between the device and token, usually via USB or smart card. Disconnected tokens, on the other hand, don’t need to be plugged into the device, making them the most common type of hard token. Instead of being plugged into a device, authentication for these kinds of tokens is entered through a small screen on the token itself.

LastPass and Two-Factor Authentication

Digital Solutions and Services recently deployed LastPass to help our users keep their data safe. Below is an investigation into the different types of dual-factor login options that LastPass offers.

 

Application

The LastPass Authenticator is a “unique one-tap authentication experience” that can be used as an application on iOS, Android, and Windows Phone operating systems. The app offers three login options, which include randomly generated 6-digit passwords, SMS codes, and push notifications for one-tap login. In addition to LastPass’s original authenticator app, LastPass is compatible with other smartphone apps like Duo Security, Google Authenticator, Microsoft Authenticator, Salesforce Authenticator, SecureAuth, Symantec VIP, and Transakt.

 

Soft Token

Software-based authentication services are viable login options for anyone who does not want to use a mobile device for their second form of identification. For example, LastPass has developed two software tools of its own, LastPass Grid and LastPass Sesame, for this service. LastPass Grid requires that its users print a sheet that is used to look up specific matching values when logging in to LastPass. Users will use that sheet to provide a code to log in and access their accounts. Similar to a smartphone application, LastPass Sesame uses a second device for login purposes, but instead of a mobile device, this software uses an ordinary USB drive. This physical form of identity verification ensures that your account remains safe, as both your Master Password and USB drive are required to log in. In addition to LastPass’s own software, their password vault is compatible with fingerprint readers, including Windows Biometric Framework.

 

Hard Token

LastPass is compatible with hardware tokens offered by YubiKey and RSA SecurID, two widely recognized and accepted authentication mechanisms. A YubiKey is a key-sized device that plugs into a device’s USB or USB-C slot or Lightning port and can also be scanned using a Near Field Communication (NFC) enabled device. NFC-enabled devices emit short transmissions and require that the devices with which they are paired are in close proximity. LastPass’s other compatible hardware token method is RSA SecurID, which consists of a token that creates an authentication code at fixed intervals using a built-in clock and a factory-encoded key, which is unique to each token.

 

Takeaways

Two-factor authentication is a clear improvement over password-only login methods, and it is imperative that businesses stay on top of this development in data security. Take the first step to this added layer of security by choosing software that offers multiple authentication methods. From password security vaults to timesheets, dual-factor authentication is the best way for organizations to keep their data secure.