Two-Factor Authentication: Methods and Myths

When I mentioned to a few friends that I was writing a feature about two-step authentication, the typical response was an eye-roll and « Oh, that annoying thing?… » Yes, that annoying extra step. We’ve all had that thought when we needed to get a code before we could log in or verify our identity online. Can I please just login without a barrage of requests?

However, after much research about two-factor authentication (often referred to as 2FA), I don’t think I’ll roll my eyes at it anymore. Let’s get to know two-factor authentication a little better, the different options out there, and dispel some myths surrounding that « annoying » extra step.

Most Common Alternatives For Using 2FA

SMS Verification

It’s commonplace for apps and secure services to suggest you add 2FA at least via SMS messages, for example when logging into your account — either at all times or just when doing so from a new device. Using this system, your cell phone is the second authentication method.

The SMS message consists of a short single-use code that you enter into the service. This way, Mr. Joe Hacker would need access to your password and your phone to get into your account. One rather obvious concern is cell coverage. What if you’re stuck in the middle of nowhere without a signal, or traveling abroad without access to your common carrier? You won’t be able to get the message with the code and won’t be able to log in.

But most of the time, this method is convenient (we all have our phone handy most of the time). And there are even some services that have an automated system speak the code so that it can be used with a landline phone if you can’t receive text messages.

Source