Two Factor Authentication
Abstract
Today’s widespread use of single factor authentication is in the midst of
change. Both corporate and personal assets are at risk from people
trying to impersonate users and steal money and information. Single
factor authentication methods such as the username/password combination
are no longer sufficient.
Two factor authentication provides a significant increase in security.
An unsecured password alone no longer gives hackers enough information
to breach security. PINs or passwords are to be used in conjunction with
tokens, smart cards or even biometrics. The combination of these two
factors provides a secure system overall.
Single Factor Authentication (SFA)
• SFA is a process for securing access to a given system, such as a network or website, that identifies the party requesting access through only one category of credentials.
• The most common example of SFA is the username/password combination.
• The single factor in this case is something you know: the password.
• Most business networks and most internet sites use a basic username/password combination to allow access to secured or private resources.
Problems With SFA
• On SFA sites, knowing the first part, the username, gives the potential hacker/thief 50% of the information required to gain access to vital information.
• A hacker who knows the correct username can then use specifically designed software to try to guess the password.
• With the current speed of CPUs, even brute force attacks are probable.
• Most people tend to use the same password everywhere, so if a hacker obtains it once, it is probable that he has access to all of your data.
• Keystroke logging, phishing, dictionary attacks, etc.
Two Factor Authentication (2FA)
• 2FA provides a significant increase in security over SFA.
• The two factors of 2FA are something you know + something you have.
• The additional factor, “something you have”, is the key factor. It can be a token, a smart card or a biometric.
Example of 2FA
2FA Tokens
A One Time Password (OTP) is a second layer of security to verify your identity.
Types of OTP
• Software OTP: An OTP generated by the company and sent to your mobile phone or PC.
• Hardware OTP: An OTP generated by a security device/token. You press the button on the device/token to obtain the OTP.
• Event Based OTP: Here the moving factor is triggered by an event.
• Time Based OTP: Here the moving factor is time.
Smart Cards
A smart card is used in combination with a smart card reader.
The user inserts the card, and either the card sends an
encrypted message to the website or the reader displays a
unique code that the user enters.
Biometric
It uses biological aspects of the end user, such as fingerprints, iris s
Other methods include e-signature or keystroke dynamics that not
the final signature but also how the signature was written.
Pros & Cons of 2FA
Cons
• It is slow and cumbersome.
• Users have to have their “something you have” all the time.
• Physical factors, if lost, can be an overhead for criminals.
Pros
• It is secure. Really secure.
• Helps to protect sensitive data and prevent it from falling into the hands of cyber criminals.
Two Factor Authentication
2FA in Facebook
2FA in Dropbox
Thank You
