Better safe than sorry – two-factor authentication (2FA)

IT Security | 14. November 2022 | 4 min

“Your login code is …”. This is what it looks like when you log in to certain platforms with your own access data. This additional step, known as two-factor authentication, can be a little inconvenient, but it is essential for the security of your personal data.

Find out why two-factor authentication is necessary and why you should never do without it in this blog post.

 

How does two-factor authentication work?

With two-factor authentication (2FA) – or “multi-factor authentication” (MFA) – the first factor, the pure password entry, is extended by a second factor. This second factor can be…

  • …an additional code (sent to a second end device or generated by a two-factor authentication app),
  • fingerprint or facial recognition,
  • a hardware stick with which a one-time code is generated, or
  • an eID card (online ID card for digital services).

In all cases, it is best for security reasons if the two factors come from different categories. For example, the two factors should never be two passwords in text form, but rather a password in text form and an additional factor such as knowledge (a code sent to you), possession (an eID card) or biometrics (a fingerprint). If both factors are entered correctly at login, the login succeeds and you can use your applications as usual.

 

Why should you use two-factor authentication?

Even if two-factor authentication means a little extra effort when logging in, it gives you a considerable level of security. Because a simple password, which can be intercepted, guessed or spied on by cyber criminals with moderate effort, is no longer sufficient for logging in, the second factor makes it much more difficult to gain access to your account.

 

Which variant is best for the second factor?

Two-factor authentication is currently one of the most secure options for securing logins to digital accounts. As already mentioned, there are several ways to implement two-factor authentication.

The option of receiving the second factor via SMS or email is a convenient way to increase security in the login process. However, third parties can still gain access through phishing emails, for example. The second option, in which one-time codes are generated by authentication apps, is therefore much more attractive. This is because the keys are stored on the mobile device, so the codes remain available even if the connection is lost, in addition to text messages and emails. Certain hardware solutions can also be used offline. However, the probability of loss is too high here and therefore increases the security risk.

Authentication apps in particular are therefore a popular and secure means of two-factor authentication that lets you work well, easily and securely.

 

Trust is good, control is better – healthy skepticism as a protective measure

Of course, hackers are also aware that two-factor authentication makes things more difficult for them and are constantly developing new methods and tricks in an attempt to circumvent it.

But why do you still need two-factor authentication as a security precaution if cyber criminals can also overcome this hurdle in the worst case scenario? Quite simply, the hackers’ methods of attack focus primarily on human vulnerability. In other words, they exploit people’s gullibility. For example, phishing emails are used to ask users to renew their login details – on a fake site that is often not immediately recognizable as such. With the help of this data, the hacker can log in to the correct site and only has to wait until he can intercept the one-time password entered by the user to access the site himself.

It is therefore important to always be wary of emails and calls from unknown senders or persons, as well as notifications relating to personal data and content. Through your caution and vigilance, you are the third security instance to protect your access data and accounts in addition to two-factor authentication. “Awareness” is the key word here: developing an awareness of where the dangers lurk, being regularly updated on how hackers try to penetrate systems to intercept data, what phishing emails look like and how they can be identified – all of this is essential for every individual. However, especially in the corporate environment, the chain is only as strong as its weakest link. Accordingly, structured and continuous support and instruction of the team on the current IT risks is just as essential as a uniform guideline on the use and application of two-factor authentication.
