How Two-Factor Authentication is Changing the Password Security Game
According to SearchSecurity, two-factor authentication is a security process in which users provide two different authentication factors to verify themselves. This authentication method adds a second layer of security to login methods and protects users’ credentials.
Google released its first version of a two-factor authentication system, Google Authenticator, in September of 2010. This system was released in the form of an app for Android and iOS and provided users with a rotation of six-digit codes. It wasn’t until 2011 that Google turned on optional two-factor authentication for all accounts.
Two-Factor Authentication as a Supplement to a Strong Password
A Verizon data breach report found that 80% of data breaches can be eliminated by the use of two-factor authentication. This sharp decrease in cybercrime can be attributed to two-factor authentication’s requirement for users to identify themselves in two different ways.
Although this dual-factor login method is more secure than single-factor, it is still important to use it alongside a strong password to keep your data secure. If misunderstood, this login method can lull users into a false sense of security, resulting in weaker and more hackable passwords.
Types of Two-Factor Authentication
Authenticator Application
Authenticator apps generate codes locally at a fixed interval using a technology called Time-based One-Time Password (TOTP). A TOTP is a temporary, secure password generated by an algorithm.
Soft Token Authentication
A soft token is a portable device that uses software to generate single-use login passcodes and PINs. Software tokens are duplicable and can be stored on all kinds of portable devices, including desktops, laptops, and mobile phones.
Hard Token Authentication
Hard tokens are physical pieces of hardware that can resemble keys or fobs. There are many versions of these, among them connected and disconnected tokens. Connected tokens require a physical connection between the device and token, usually via USB or smart card. Disconnected tokens, on the other hand, don’t need to be plugged into the device, making them the most common type of hard token. Instead of being plugged into a device, authentication for these kinds of tokens is entered through a small screen on the token itself.
LastPass and Two-Factor Authentication
Digital Solutions and Services recently deployed LastPass to help our users keep their data safe. Below is an investigation into the different types of dual-factor login options that LastPass offers.
Application
The LastPass Authenticator is a “unique one-tap authentication experience” that can be used as an application on iOS, Android, and Windows Phone operating systems. The app offers three login options, which include randomly generated 6-digit passwords, SMS codes, and push notifications for one-tap login. In addition to LastPass’s original authenticator app, LastPass is compatible with other smartphone apps like Duo Security, Google Authenticator, Microsoft Authenticator, Salesforce Authenticator, SecureAuth, Symantec VIP, and Transakt.
Soft Token
Software-based authentication services are viable login options for anyone who does not want to use a mobile device for their second form of identification. For example, LastPass has developed two software products of its own, LastPass Grid and LastPass Sesame, for this service. LastPass Grid requires that its users print a sheet that is used to look up specific matching values when logging in to LastPass. Users will use that sheet to provide a code to log in and access their accounts. Similar to a smartphone application, LastPass Sesame uses a second device for login purposes, but instead of a mobile device, this software uses an ordinary USB drive. This physical form of identity verification ensures that your account remains safe, as both your Master Password and USB drive are required to log in. In addition to LastPass’s own software, their password vault is compatible with fingerprint readers, including Windows Biometric Framework.
Hard Token
LastPass is compatible with hardware tokens offered by YubiKey and RSA SecurID, two widely recognized and accepted authentication mechanisms. A YubiKey is a key-sized device that plugs into a device’s USB or USB-C slot or Lightning port and can also be scanned using a Near Field Communication (NFC) enabled device. NFC-enabled devices emit short transmissions and require that the devices with which they are paired are in close proximity. LastPass’s other compatible hardware token method is RSA SecurID, which consists of a token that creates an authentication code at fixed intervals using a built-in clock and a factory-encoded key, which is unique to each token.