What is Two-Factor Authentication (2FA) and how is it used?

We are increasingly familiar with the digital world, whether we are companies or individuals, we have gradually converted physical documents and face-to-face processes into digital ones. This change, although with great benefits, has brought the vulnerability of our information due to fraud or cyberattacks; however, solutions have emerged to reduce that vulnerability and make the digital environment safer. One of these solutions is two-factor authentication, a measure that takes security beyond the password. Here we tell you why this security method is important and how it works.

Also known as two-step authentication, it is a security measure that multiple digital service platforms have adopted in order to protect the information and privacy of their users. Generally, to access a virtual account, be it social networks, bank accounts, email or other types of services, it is necessary to enter a username and a password; however, to strengthen security in these accesses, two-factor authentication was born, creating an additional security layer.

Two-factor authentication aims for the user to confirm for a second time that they really are the one trying to access an account. A first confirmation is the conventional password entered at login, the second factor can be a code sent by instant messaging or email, facial or fingerprint recognition, or a confirmation in authentication apps.

What this second factor seeks is to have a different way of confirming the intention to log in to an account, different from the website or app where the action is taking place. If this second step is not confirmed, it will not be possible to access the account.

Being an additional step to the conventional entry of username and password, this measure seeks to have

an alternative channel through which the user confirms to be the one trying to log in.

Depending on the platform, this second factor is configured by the user who decides to give more security to their accounts; but it can also be the platforms themselves that designate it, as is the case of banks who, through independent tokens or from their banking apps, issue these codes.

In this way, the double factor works in different ways, from fingerprint or facial authentication that does not require numerical codes, to apps created to provide security factors, which usually consist of 6 digits.

Among the most used ways by companies and individuals, there are mainly 4 types of two-factor authentication that are the most common:

• Code via messaging: Consists of the user indicating a communication channel through which they receive a numerical code to authenticate, usually sent via SMS to be received directly on the cell phone, but it can also be received by email or other types of instant messaging.
• Authentication apps: There are mobile applications created to issue codes that are updated frequently, usually every minute. These apps are configured with the account to which the second factor wants to be added, and when the person wants to log in, they must open the app to also enter the code it indicates. These apps are downloaded on the device of choice, mainly cell phones, one of the most common is Google Authenticator.
• Tokens: Also known as USB security keys; they are generally the security method a bank provides to its corporate clients. They are small devices that have a screen displaying a numerical code that is updated every minute. When users need to carry out a process on the virtual portal, they will need to enter the code indicated by the token, thus becoming the second authentication factor for logins or transactions. In some banks, these types of tokens are available in mobile apps, and not on an independent device.
• Facial or fingerprint authentication: The most recent devices have the characteristic of allowing facial identification thanks to the camera or fingerprint identification; this type of authentication also gives a second layer of security to access applications or virtual accounts.

It is important to mention that not all two-factor methods are necessarily in numerical format, as is the case with recognition methods, they can also be security questions, where the user enters keywords or phrases.

Currently, most banks have resorted to two-factor authentication so that the transactional processes of individuals or companies are confirmed outside of home banking.

For example, when making a payment, the bank requests that a security key be entered, which reaches the user via text message, or in other cases must be consulted in their banking app or physical token. Without this second factor, the payment or transfer cannot be made, guaranteeing greater security in the user's movements.

In the case of physical tokens or the banking app, the second factor is a numerical key, usually 6 digits, that changes approximately every minute.

This is how this type of 2FA could appear:

Having two-factor authentication is a way to shield private information and reduce the risk of digital crimes. Furthermore:

• They are easy to configure
• They are easy to use
• They protect information in a more secure way than a single password

This measure is convenient because it adds an extra layer of security in a simple way and completely within the user's reach, allowing a secure connection where they are in control.

While it is a tool that adds security to accounts in an easy and effective way, it is important to recognize that there are situations where the double factor is vulnerable.

For example, when the second factor is received via instant messaging, in the event of device theft, the thief will have access to them. The same will happen with one of the most common crimes: SIM Swapping, which consists of the criminal managing to obtain a new telephone line with the victim's same number and from there impersonates them to access accounts. With this type of crime, the criminal receives confirmation messages and security is breached.

Although there is a vulnerability to the risk of loss or theft, it is also important to see that the 2FA function is effective and secure in itself, which makes it convenient and recommended. It will always be important to consider possible scenarios where this security method may be at risk and take the necessary measures.

One of Prometeo's services is Bank transfer payments, a technological solution that allows payment by bank transfer in an easy and secure way between companies and their clients. This entire payment process happens with the same security standards as the bank, so depending on the entity, two-factor authentication is one of the most important steps in the payment, providing greater security and peace of mind to the user.