What is Two Factor Authentication?

Two Factor Authentication, or 2FA, is increasingly referred to as a method of improving security when logging into apps or websites.  We thought it might be useful to provide a brief post about what it is and why it is worth using.

We are all accustomed to using a combination of a username and password when accessing secure websites. The username will often be an email address, but doesn’t have to be.  The password is generally created by the user, is often forgotten and unfortunately is often reused on other websites and services. It shouldn’t be of course, because if anyone finds it out, they will then have access to many of your accounts.  Nor should the password be easy to guess, see our previous post here for shocking examples.

2FA overcomes these difficulties by adding in a requirement for a one-time piece of information only the user will know.  This can be a code which is texted to their mobile phone, or generated by a keypad or ‘token’, previously provided by the service. Many banks use this method.

Thus, in order to log in to the website or service, the user must enter their username, password and a further piece of information which has been generated specifically for that single login, and which will expire almost immediately.