Two-factor Authentication

Across the web we are a accustomed to the login process. We have a password for this a password for that, or do we. Studies have shown that the more systems we have passwords for the more inclined we are to use the same one. For a hacker this is like having the best skeleton key in the world, crack it once and the key has been moulded much like a locksmith cutting keys.

Two-factor authentication is merely a second set in the login process, the banks have been using two-factor authentication for many years now for instance when an ATM user puts his card into the machine that is the first step, the second step is the user inputting a pin number which authenticates against the card and sends the response to the ATM which logs the user into there account. There is a similar process when logging into an online account the user will have an external device that along with a login key will make up the two-step process.

Although the banks and many other two-factor services have used external devices the user is then expected to carry around with them all the third party devices that produce the second step in authentication, there is an alternative a company called Duo Security have created, a service which uses a smartphone. It works by pushing a request to the phones app, which pops up with an Accept or Deny. The response is sent back to the requesting application for further processing.

In May 2013 Twitter announced that their login process will be using two-factor authentication, the user will need to go to their account and turn on “Require a verification code when I sign in”. The user is then sent a text message with a six digit code, this method is simple and doesn’t require a smartphone but any phone or device that can accept SMS.  Linear Blue for a recent project used Duo Security authentication. Linear Blue found that it is still a new concept on the web but one which is catching on very quickly. In the 4 months of testing and implementing the project Twitter announced their uses and very recently Oct 3, 2013 Facebook announced that they will be using Duo Security so the days of just the username and password are numbered.

Sources

http://en.wikipedia.org/wiki/Multi-factor_authentication

http://research.microsoft.com/apps/pubs/?id=74164

http://www.wired.com/gadgetlab/2013/05/twitter-two-factor/

https://www.duosecurity.com/blog/facebooks-security-philosophy-or-how-engineers-learned-to-love-two-factor?mkt_tok=3RkMMJWWfF9wsRons6rIZKXonjHpfsX56ewtWaG0lMI%2F0ER3fOvrPUfGjI4ARcFhI%2BSLDwEYGJlv6SgFSrfBMbVxwrgJWhE%3D

Warren Tucker

While studying for a bachelors degree in Internet Technology, and working for Bucks New University as a Senior Technician Warren also taught CISCO CCNA short courses for Bucks New University. After leaving in 2008 to work for a Digital Web agency as a web developer but with knowledge of networking and computer support he soon became the companies computer support for both internal staff and external clients. Staying close to networking he moved on to work for a telecoms company as a PHP Team Leader Developer working on ERP systems with iPhone integration. 2012 Warren worked most of it as a contractor expanding on his skills as a Developer which he has extensive knowledge of PHP / HTML / Javascript / CSS he is currently expanding on his iPhone/iPad and Android development.

More Posts - Website

1 thought on “Two-factor Authentication”

  1. Hey Warren, thanks for mentioning Duo Security! We’re extremely happy to be providing two-factor authentication for the great team at Facebook and our many other customers. I hope your readers will take a look at our service and platform — we’d love to be providing them that same great security as well. Cheers!

Leave a Reply