Why Should Your Users Have Two Factor Authentication?


Going a little deeper, let's look at the types of second factors in common use. They fall into a few classes: something you know (a password or PIN), something you have (the one-time password, or OTP, mentioned earlier, or a hardware token), something you are (a fingerprint or an iris scan) and contextual checks such as the location a login comes from. The common idea is that a second, independent factor is added alongside the password, so that a stolen password by itself is no longer enough to get in. All of these ways of enhancing security grew out of a renewed need to protect the sensitive data we so often hand over on the internet.

RSA's SecurID hardware token

So what happened to the passwords?

The age of a single account is long gone. Today we use several social networks, log in to many communities and keep more than one email address for personal use. We also know that using one password everywhere means a breach at any one site exposes every other account, so we create many passwords and then struggle to remember them. We resort to writing them down, storing them in plain files on our own computers or copying them to an external hard drive, and every such copy is one more place an attacker can harvest them from.

Single-factor authentication is widely used because it is easy to implement and cheap, but it is also easy to defeat: the password is the only secret, and it can be guessed, reused from another site's breach, phished or captured by malware. Given a few hours and a little knowledge about the system and the person, even an amateur attacker can breach your fort. This prompted developers to rethink their login systems, and the general consensus was that authentication needs a unique, one-time usable factor that is generated fresh for each login and tied to both the system and the user in real time. That is what gave birth to 2FA as we know it today.

Why should your users have it?

If you run a community or a website where users must log in before they can do anything, read on to learn why your users should have a two-step verification process.

  1. When a user logs in to your website, your server hands the browser a session cookie, a small file stored on the local computer, so that the user is recognised on later requests and can be offered a renewed, improved experience the next time he/she visits. That cookie is what effectively establishes the relationship between the end user and your system, which makes it a target: anyone who passes your login gets one, so with a password alone a guessed or phished password is all an attacker needs to obtain a valid session. Requiring a second factor at login makes a session far harder to obtain in the first place, which means less mess to deal with. (2FA does not protect a cookie already stolen from the user's device, so pair it with the Secure and HttpOnly cookie flags, short session lifetimes and re-authentication before sensitive actions.)
  2. In most cases the account holder is held responsible for everything done with the account. By definition the account holder is the person identified by the login information provided (the owner of the email address, the registrant of the mobile number, the person behind the linked social media profile), not whoever actually logged in (a dishonest friend might have used their credentials). With a single verification step you leave more room for the law to hold a user accountable for an offence someone else committed. Aren't you responsible for your own users too?
  3. Spam is one of the most dreaded activities on the internet. Every corner of it is swamped with spam and other unwanted material, so more and more communities want a sign-up process that separates legitimate users from spam registrations. Requiring a second factor, such as a code sent to a phone, raises the cost of bulk registration, which means fewer automated posts and more real content to look at.
  4. Big companies often spend millions of dollars plugging security vulnerabilities and shoring up their overall security apparatus, and pay again to compensate users whose private data was breached. A two-step verification system is one more effective layer of security, and for attackers one more obstacle to clear before reaching the target. Although the system costs something to implement, internet giants such as PayPal and Google have offered this extra layer on their services for years.

The drawbacks that come along

2FA comes with a fair number of disadvantages as well, so it is important to know both sides of the coin before deciding whether to adopt it.

  1. It costs money. How much depends on the factor you choose and how it is delivered: hardware tokens and their maintenance, SMS delivery and telecom fees, your traffic volume, and local conditions such as the density of smartphone users in the region you serve. (Authenticator apps that generate the code on the phone avoid the per-message fees.)
  2. The initial registration and every subsequent login take extra effort, and users resent friction. It takes some persuasion from your side to convince them that a sound and secure web environment is worth it.
  3. Choose the second factor with your user population in mind. You can extend 2FA to a third factor (3FA) for additional protection, though at present this is not recommended for general use.
  4. Location-based login and fingerprint scanners are not recommended for now: they demand effort from the user and the infrastructure is lacking, since few phones and devices on the market today carry fingerprint scanners.

I hope this has helped explain the basics of 2FA, the history behind it, the reasons it matters and the arguments against it, so that you can make a fine and informed choice.