Two-Factor Authentication, or 2FA as it’s commonly known, is another way to verify that you are actually the person you say you are, even after you’ve logged in once already. Hence the name, Two-Factor Authentication.
Phone Number Two-Factor Authentication
You might already have a form of 2FA established on some of your accounts and not even realize that there is a term for it. An example would be logging into your email account and being asked to input a code from your phone to complete the login process, even though you’ve already entered your password. That PIN is an example of Two-Factor Authentication. Most people carry a phone around with them, and it is a reliable way to verify that a user is who they say they are.
While using your phone number as a 2FA method is reliable, a string of attacks known as SIM Swaps has been known to compromise users even with two-factor authentication. A SIM Swap attack is when a cybercriminal physically moves your SIM card into a phone they own, or transfers your number onto another SIM card by using your personal information to impersonate you to your phone carrier and conduct the swap.
Authenticator App Two-Factor Authentication
Although phones are a common way to verify a person’s identity, there are other forms of 2FA that you can set up on your accounts. Another 2FA method is an authenticator app. Google Authenticator and Duo Mobile are two commonly known authenticator apps that are often used by Fordham University. These authenticator apps have timed codes that reset about every fifteen seconds, and you enter the current code into the associated account’s 2FA prompt. Authenticator apps are a step up from receiving a code on your phone, as the codes reset very often and you can even set a PIN on the authenticator app so that only you can access it in case someone gets into your phone.
Two-Factor Authentication Key
My personal favorite, and the one that I personally use and feel is the most secure, is a physical key called a Two-Factor Authentication Key. To log in to an account, you have to physically plug the key into your device. If your account has been compromised and an attacker who has your password attempts to log in, they will not be able to as long as you have this physical key as your primary Two-Factor Authenticator. A huge benefit of having a physical key for 2FA is that it can’t be compromised via the Internet, and you will know its location at all times.
Source: https://www.cisa.gov/mfa