Before addressing the question ‘what is two-factor authentication (2FA)’, let’s consider why it’s important to do everything you can to improve your online account security. With so much of our lives happening on digital devices and online, it’s no wonder accounts accessed via the internet have become a magnet for criminals. Malicious attacks against governments, companies, and individuals are more and more common, and there are no signs that the hacks, data breaches, or other forms of cybercrime are slowing down! How did passwords get so vulnerable, you may ask? While using passwords is better than having no protection at all, they’re not foolproof. Here’s why:
- Humans have lousy memories: A recent report looked at over 1.4 billion stolen passwords and found that most were embarrassingly simple. Among the worst are “111111,” “123456,” “123456789,” “qwerty,” and “password.” While these are easy to remember, any decent hacker could crack these simple passwords in no time.
- Too many accounts: As users get more comfortable with doing everything online, they open more and more accounts. This eventually creates too many passwords to remember and paves the way for a dangerous habit: password recycling. Here’s why hackers love this trend: it takes just seconds for hacking software to test thousands of stolen sign-in credentials against popular online banks and shopping sites. If a username and password pair is recycled, it’s extremely likely it’ll unlock plenty of other lucrative accounts.
- Security fatigue sets in: To protect themselves, some users try to make it harder for attackers by creating more complex passwords. But with so many data breaches flooding the dark web with user information, many just give up and fall back to using weak passwords across multiple accounts.
Introducing Two-Factor Authentication (2FA)
2FA is an extra layer of security used to make sure that people trying to gain access to an online account are who they say they are. First, a user will enter their email/username and a password. Then, instead of immediately gaining access, they will be required to provide another piece of information. This second factor could come from one of the following categories:
- Something you know: This could be a personal identification number (PIN), a password, answers to “secret questions” or a specific keystroke pattern
- Something you have: Typically, a user would have something in their possession, like a credit card, a smartphone, or a small hardware token
- Something you are: This category is a little more advanced, and might include the biometric pattern of a fingerprint, an iris scan, or a voice print
With 2FA, a compromise of just one of these factors won’t unlock the account. So, even if your password is stolen or your phone is lost, the chances of someone else also having your second factor are slim. This is why most platforms that deal with sensitive data or money require 2FA, and if they don’t, users should be cautious.
How DiFi – Distributed Finance – embeds 2FA
A great deal has been discussed about the best way to implement two-factor authentication on platforms that require high levels of security, for example in finance, to protect user deposits. Platforms have chosen many different options and paths:
- Some platforms ask for username+password and then send an SMS with a verification code
- Some platforms ask for email+password and then send an email with a verification code
- Some platforms have social logins like Google or Facebook login buttons and then ask users to download an authenticator app where a verification code rotates every 20 seconds
- Some platforms powered by the blockchain rely only on a PIN code and the private key
- First-level verification is either username+password, email+password or social login
- Second-level verification is always the private key, typically represented as a passphrase
With this setup, users can easily view their balances, check any transactions made, and basically “read data”. However, they will not be able to “write data” on the blockchain, such as making a transfer or a trade. For that, the user will need to enter the passphrase that unlocks their account. On Blockbasis, this is indicated by the lock icon in the top-right corner of the menu:
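To make the read/write split concrete, here is an added example in Go; it is not Blockbasis’s or any DiFi platform’s own code. It assumes a P-256 ECDSA signing key sealed with AES-GCM under a passphrase-derived key (iterated SHA-256 stands in for a real password hash so the example needs only the standard library): the balance is readable by any logged-in session, but a transfer cannot be signed unless the passphrase unlocks the key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

type Account struct {
	Balance             int // "read data": visible after the first-level login alone
	Pub                 *ecdsa.PublicKey
	Salt, Nonce, Sealed []byte // Sealed is the AES-GCM ciphertext of the DER-encoded private key
}
// aead derives the key-encryption key from the passphrase and returns AES-GCM for it.
// Iterated SHA-256 is only a stdlib stand-in for a real password hash such as scrypt or Argon2.
func aead(passphrase string, salt []byte) cipher.AEAD {
	h := sha256.Sum256(append([]byte(passphrase), salt...))
	for i := 0; i < 100000; i++ {
		h = sha256.Sum256(h[:])
	}
	block, _ := aes.NewCipher(h[:]) // 32-byte key, so NewCipher cannot fail
	gcm, _ := cipher.NewGCM(block)
	return gcm
}
// NewAccount generates the key and seals it so that only the passphrase can unlock it.
func NewAccount(passphrase string, balance int) *Account {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // fails only if rand does
	der, _ := x509.MarshalECPrivateKey(priv)
	salt, nonce := make([]byte, 16), make([]byte, 12)
	rand.Read(salt)
	rand.Read(nonce) // the key is sealed exactly once, so this nonce is never reused
	sealed := aead(passphrase, salt).Seal(nil, nonce, der, nil)
	return &Account{balance, &priv.PublicKey, salt, nonce, sealed}
}
// Transfer is "write data": it refuses to sign unless the passphrase unlocks the key.
// The signature verifies against Account.Pub over sha256("transfer <amount> to <to>").
func (a *Account) Transfer(passphrase, to string, amount int) ([]byte, error) {
	der, err := aead(passphrase, a.Salt).Open(nil, a.Nonce, a.Sealed, nil)
	if err != nil {
		return nil, fmt.Errorf("wrong passphrase: private key stays locked")
	}
	priv, _ := x509.ParseECPrivateKey(der) // authenticated by the seal, so it parses
	digest := sha256.Sum256([]byte(fmt.Sprintf("transfer %d to %s", amount, to)))
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}
```

A wrong passphrase fails at the AES-GCM authentication tag, so the sealed key is never exposed and nothing can be signed; the session still reads the balance without it.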