What is two-factor authentication (2FA)?

Two-factor authentication (2FA) or multi-factor authentication (MFA) is an additional security layer for your business – helping to address the vulnerabilities of a standard password-only approach.

What is 2FA and how does it work?

In today’s online environment, the rudimentary “username and password” approach to security is easy prey for cybercriminals. Many log-ins can be compromised in minutes, and private data (such as personal and financial details) is under increasing threat.

Two-factor Authentication (2FA), also known as dual-factor authentication or two-step verification, adds another layer of security, supplementing the username and password model with a second factor to identify the user with a code that only a specific user has access to (typically sent to something they have immediately to hand).

Two-factor Authentication (2FA), also known as dual-factor authentication or two-step verification, adds another layer of security, supplementing the username and password model with a second factor to identify the user with a code that only a specific user has access to (typically sent to something they have immediately to hand).

Authentication Factors

Two-Factor Authentication, as the name suggests, requires two separate factors to ensure authentication – a password or PIN which is something you know (known as the “knowledge factor”) alongside something you have, such as a security token, mobile device or smartphone app to approve authentication requests (known as the “possession factor”). 2FA can also use biometrics (known as an “inherence factor”), such as fingerprints, facial or voice recognition to act as the second factor.

In addition, location and time of logon can also be added to provide even greater security, and Multi-Factor Authentication (MFA) can use two or more independent credentials to secure authentication.

Learn about the wide range of SecurEnvoy 2FA and MFA methods >

Hardware tokens versus tokenless 2FA

End user acceptance can make or break the implementation of any security system. When it comes to two-factor authentication, having a broad range of authenticators available to users is key to success.

Users and use cases can vary greatly, however the vast majority of requirements can be addressed via the deployment of a soft token 2FA app to user’s mobile phones. This type of app can serve to generate a 6-digt random one time passcode (OTP), used in conjunction with their username and password to securely logon. Alternatively the app can receive a secure push notification that simply requires the user to press accept and authorise the logon.

2FA apps are secure and user friendly, however in some instances where corporate mobile phones have not been supplied, users may prefer to use a traditional dedicated hardware token to authenticate. Hardware token deployments typically cost more than their virtual token counterparts, due to the procurement of additional hardware. There are however other hidden costs, in terms of the deployment and overall administration overhead of managing a physical token estate.

SecurEnvoy offers both software & hardware tokens as part of a wide range of authenticators allowing organisations to cater for all user requirements.

Read more about Tokenless 2FA – Authenticating without the need for a hardware token >

Soft Tokens

A soft token app is a software-based security application, which can generate a random 6-digit number, enabling users to enhance the security of their traditional username and password login by adding the 6-digt one-time passcode (OTP).

Advanced soft tokens also support user friendly, push notifications for authentication. Optional additional security can be added by invoking a PIN or Biometric to approve the push notification or unlock the virtual token itself.

SecurEnvoy offers soft tokens on both iOS and Android along with desktop applications on Windows and OSX.

Find out more about the benefits of soft tokens and features of SecurEnvoy Soft Token MFA here >

SMS 2FA

SMS 2FA is the concept of sending a 6-digt one-time passcode (OTP) via the control channel of the GSM network. The benefit of this type of solution is that it has a zero footprint on a user’s device as it does not rely on a software application. A downside of SMS 2FA is typically the cost, which can vary depending on geographic location and network provider.

There has been some discussion, over the years, as to whether SMS is secure for two-factor authentication. In our white paper “Is SMS 2FA Secure”, we take a look at the history of SMS 2FA and MFA, some famous security breaches and how security has evolved. Learn how best practices, understanding your risks and applying the correct security ensure that SMS is still a secure method for authenticating users.

Read more about SMS 2FA >
Find out more about SMS and other authentication methods >

Why two-factor authentication is important – supercharge your security

We rely on passwords to access our systems every day, but with users falling prey to phishing scams on a regular basis and with many passwords easy to crack in a few minutes, 2FA and MFA are now a must rather than nice to have. Two-factor authentication and Multi-factor authentication solutions are used by businesses of all sizes – seeking to keep confidential data secure. They can help to lower the likelihood of identity theft, as well as phishing scams, because criminals cannot compromise log-ins with usernames and password details alone.

Learn more about the benefits of two factor authentication >

SecurEnvoy MFA Solutions

Looking for multi-factor and two-factor authentication solutions that take your security to another level? For nearly 20 years we have been at the forefront of MFA innovation. Discover an extensive range of authentication solutions ranging from phone apps to biometrics, hardware tokens and SMS.

Simple, effective and flexible MFA.
Proven and trusted by 1000s of customers worldwide.