Across the web we are a accustomed to the login process. We have a password for this a password for that, or do we. Studies have shown that the more systems we have passwords for the more inclined we are to use the same one. For a hacker this is like having the best skeleton key in the world, crack it once and the key has been moulded much like a locksmith cutting keys.
Two-factor authentication is merely a second set in the login process, the banks have been using two-factor authentication for many years now for instance when an ATM user puts his card into the machine that is the first step, the second step is the user inputting a pin number which authenticates against the card and sends the response to the ATM which logs the user into there account. There is a similar process when logging into an online account the user will have an external device that along with a login key will make up the two-step process.
Although the banks and many other two-factor services have used external devices the user is then expected to carry around with them all the third party devices that produce the second step in authentication, there is an alternative a company called Duo Security have created, a service which uses a smartphone. It works by pushing a request to the phones app, which pops up with an Accept or Deny. The response is sent back to the requesting application for further processing.
In May 2013 Twitter announced that their login process will be using two-factor authentication, the user will need to go to their account and turn on “Require a verification code when I sign in”. The user is then sent a text message with a six digit code, this method is simple and doesn’t require a smartphone but any phone or device that can accept SMS. Linear Blue for a recent project used Duo Security authentication. Linear Blue found that it is still a new concept on the web but one which is catching on very quickly. In the 4 months of testing and implementing the project Twitter announced their uses and very recently Oct 3, 2013 Facebook announced that they will be using Duo Security so the days of just the username and password are numbered.