{"id":22116,"date":"2023-05-29T04:30:22","date_gmt":"2023-05-29T12:30:22","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2023\/05\/29\/news-15846\/"},"modified":"2023-05-29T04:30:22","modified_gmt":"2023-05-29T12:30:22","slug":"news-15846","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2023\/05\/29\/news-15846\/","title":{"rendered":"What is two-factor authentication | Kaspersky official blog"},"content":{"rendered":"<p><strong>Credit to Author: Alanna Titterington| Date: Mon, 29 May 2023 11:36:21 +0000<\/strong><\/p>\n<p>Anyone who has an account on any social network or online service is bound to have come across two-factor authentication (2FA) before. It also goes by the name two-step authentication or two-step verification, but the concept&#8217;s the same.<\/p>\n<p>But have you ever wondered what it exactly is, how it works and \u2013 most importantly \u2013 why it&#8217;s needed? If so, you&#8217;ve come to the right place. We&#8217;ll try to answer these questions and more in this post.<\/p>\n<h2>What is two-factor authentication?<\/h2>\n<p>We&#8217;ll begin with a simple definition. When several methods are used simultaneously to validate access rights \u2014 that is, for <a href=\"https:\/\/www.kaspersky.ru\/blog\/identification-authentication-authorization-difference\/29123\/\" target=\"_blank\" rel=\"noopener\">authentication<\/a> \u2014 it&#8217;s known as <strong>multi-factor authentication<\/strong>.<\/p>\n<p>Most often digital services use <strong>two-factor authentication<\/strong>. There&#8217;s nothing wrong with using more factors, but the number is usually limited to two so as not to overly irritate users.<\/p>\n<p>In other words, 2FA provides the optimal balance between account protection and convenient login. But what &#8220;factors&#8221; can be used to confirm the user&#8217;s authentication rights? Here are the most popular options:<\/p>\n<ul>\n<li><strong>Knowledge<\/strong>. Authentication is granted if you have the correct password, passphrase, numeric code, graphic pattern, answer to a secret question, etc.<\/li>\n<li><strong>Possession<\/strong>. If you have a certain item (for example, a key, USB token, phone, bank card), this is validation of your access rights. This also includes having access to a phone number or some other account (say, an email), which can be demonstrated, for example, by getting a one-time code.<\/li>\n<li><strong>Inherent property<\/strong>. It&#8217;s often possible to authenticate with some inherent, unique property of the actual user: a fingerprint, voice, face, DNA, iris pattern, characteristic typing style on keyboard, etc.<\/li>\n<li><strong>Geolocation<\/strong>. Here, authentication is based on the user being in a certain place; for example, if logging in to corporate resources \u2014 inside the company&#8217;s office.<\/li>\n<\/ul>\n<p>Note that for multi-factor authentication to work, the methods used to validate the user&#8217;s rights <em>must be different<\/em>. So, if a service asks the user to enter two passwords instead of one (or, say, a password and the answer to a secret question), this cannot be considered 2FA, since the same method of validation (knowledge) is used twice.<\/p>\n<p> <input type=\"hidden\" class=\"category_for_banner\" value=\"kpm-download\" \/> <\/p>\n<h2>Why do you need two-factor authentication?<\/h2>\n<p>Multi-factor authentication is recommended since, individually, each validation method has its own weaknesses. For example, knowledge of some information could be a reliable method \u2014 but only if this information is known to the user alone and could in no way somehow be obtained from any other source. But that&#8217;s hardly ever the case: the user has to type in a password that&#8217;s then transmitted over the internet. Also, they probably <a href=\"https:\/\/www.kaspersky.com\/password-manager?icid=gl_kdailyplacehold_acq_ona_smm__onl_b2c_kasperskydaily_wpplaceholder____kpm___\" target=\"_blank\">store<\/a> it somewhere since no one can remember all passwords for all accounts. This provides many opportunities for interception and theft.<\/p>\n<p>What&#8217;s more, the password is bound to be stored on the side of the online service, from where it could one day leak. And if you use the same password for multiple services (unfortunately, many people still do), then all these accounts are at risk of being hacked.<\/p>\n<p>The same goes for other validation methods. The possession factor isn&#8217;t ideal, because your item (key, phone, bank card) might get stolen. Geolocation by itself confirms nothing: there are sure to be many other folks at roughly the same point in time and space as you (unless you happen to be drifting on an ice floe in the middle of the Arctic Ocean).<\/p>\n<p>Perhaps only an inherent property factor can be considered more or less reliable, which is why it&#8217;s sometimes used as the sole authentication factor. But there are <a href=\"https:\/\/www.kaspersky.com\/blog\/biometric-atms\/13259\/\" target=\"_blank\" rel=\"noopener\">a fair number of nuances<\/a> too.<\/p>\n<p>Hence the concept of multi-factor authentication: the greater the number of different factors, the more likely it is that a person who&#8217;s trying to get access to the account actually has the right to do so.<\/p>\n<div id=\"attachment_48291\" style=\"width: 1338px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2023\/05\/29073003\/Two_factor_authentication_EN.jpg\"><img loading=\"lazy\" aria-describedby=\"caption-attachment-48291\" decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2023\/05\/29073003\/Two_factor_authentication_EN.jpg\" alt=\"How multi-factor authentication works\" width=\"1328\" height=\"998\" class=\"size-full wp-image-48291\" \/><\/a><\/p>\n<p id=\"caption-attachment-48291\" class=\"wp-caption-text\">Using more factors helps ensure your account will be accessed by you and you alone<\/p>\n<\/div>\n<p>So, two-factor authentication is a good idea for a simple reason: to let the service know that you are you, and to make your account harder to hack.<\/p>\n<h2>How to use two-factor authentication<\/h2>\n<p>We&#8217;ll look at the various kinds of 2FA in a separate post; in the meantime, we&#8217;ll end this one with a few tips:<\/p>\n<ul>\n<li>Be sure to enable two-factor authentication for all services that offer it.<\/li>\n<li>Where possible, select <a href=\"https:\/\/www.kaspersky.com\/blog\/authenticator-apps-compatibility\/47063\/\" target=\"_blank\" rel=\"noopener\">one-time codes from an authenticator app<\/a> as the 2FA method. And for really valuable accounts, use a <a href=\"https:\/\/www.yubico.com\/resources\/glossary\/fido-u2f\/\" target=\"_blank\" rel=\"nofollow noopener\">FIDO U2F<\/a> hardware key.<\/li>\n<li>If the above options aren&#8217;t available, any other method will still be far better than having no second factor at all.<\/li>\n<li>Remember that 2FA doesn&#8217;t guard against high-quality phishing (with the exception of FIDO U2F keys), so each time before entering a code, make sure you&#8217;re on the real website \u2014 not a fake one.<\/li>\n<li>Use a reliable security solution with built-in anti-phishing protection, such as <a href=\"https:\/\/www.kaspersky.com\/premium?icid=gl_bb2023-kdplacehd_acq_ona_smm__onl_b2c_kdaily_lnk_sm-team___kprem___\" target=\"_blank\">Kaspersky Premium<\/a>.<\/li>\n<\/ul>\n<p>As for creating strong passwords and storing them securely, we recommend <a href=\"https:\/\/www.kaspersky.com\/password-manager?icid=gl_kdailyplacehold_acq_ona_smm__onl_b2c_kasperskydaily_wpplaceholder____kpm___\" target=\"_blank\">Kaspersky Password Manager<\/a> \u2014 the full version of which comes with a <a href=\"https:\/\/www.kaspersky.com\/premium?icid=gl_bb2023-kdplacehd_acq_ona_smm__onl_b2c_kdaily_lnk_sm-team___kprem___\" target=\"_blank\">Kaspersky Premium<\/a> subscription. Incidentally, our password manager has <a href=\"https:\/\/www.kaspersky.com\/blog\/make-your-passwords-stronger-with-kaspersky-password-manager\/40269\/\" target=\"_blank\" rel=\"noopener\">several other useful features<\/a> that will help protect your accounts from hacking.<\/p>\n<p> <input type=\"hidden\" class=\"category_for_banner\" value=\"premium-generic\" \/> <br \/><a href=\"https:\/\/www.kaspersky.com\/blog\/what-is-two-factor-authentication\/48289\/\" target=\"bwo\" >https:\/\/blog.kaspersky.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2023\/05\/29072931\/what-is-two-factor-authentication-feature.jpg\"\/><\/p>\n<p><strong>Credit to Author: Alanna Titterington| Date: Mon, 29 May 2023 11:36:21 +0000<\/strong><\/p>\n<p>What is two-factor authentication, what it\u2019s for, and why you should enable it for all services that support it.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10425,10378],"tags":[10598,10599,19882,11517,11706,10081,10428,10606],"class_list":["post-22116","post","type-post","status-publish","format-standard","hentry","category-kaspersky","category-security","tag-2fa","tag-authentication","tag-authenticators","tag-biometrics","tag-sms","tag-text-messages","tag-tips","tag-two-factor-authentication"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/22116","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=22116"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/22116\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=22116"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=22116"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=22116"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}