2FA - OTP vs App vs Hardware Key

2FA is almost a necessity today. We see more and more services in the cloud more and more are getting compromised every day. Therefore, it is necessary to use some sort of 2FA (Two Factor Authentication) on at least the more important accounts you have, especially Bank Accounts, online Payment services such as Paypal and other more important accounts you may have.

Two-Factor Authentication (2FA) is sometimes called multiple factor authentication. In simple terms, it adds an extra layer of security to every online platform you access. The first layer is generally a combination of a username and password. Adding one more step of authenticating your identity makes it harder for an attacker to access your data.

Why?

A simple username and password does not cut it anymore. If you do a search on Google for "websites with security breaches" or "security breaches 2020", you will come up with dozens of sites such as dropbox, facebook, twitter, Yahoo, LinkedIn etc. These have all been compromised and if you have an account on one of these sites your identity could have been compromised. Banks to have been compromises. In 2019 CapitolOne was compromised.

What?

There are basically 3 different types of 2FA (Two Factor Authentication )

  • OTP - One Time Passwords - After logging in with a Username and Password the site sends you a code via Email or Text message to complete the login.
  • 2FA App Authentication - After Logging in to a Site or Service you are asked to enter a secondary passcode (usually 6 - 8 characters) which you get from an app on your phone or desktop app. Some of the more common 2FA Apps are Google Authenticator, Authy, Duo Mobile and Microsoft Authenticator.
  • 2FA Hardware Authenticators (FIDO U2F, YubiKey etc.) - You are asked to authenticate with a hardware device such as a USB type key.

Where?

Where should you use 2FA today? Basically, anywhere you want to protect your information

  • Your Password Manager
  • Email Account
  • Your Bank Account(s)
  • Credit Card Accounts
  • Online Payment Processors - Paypal Accounts
  • Your Hosting and Server Accounts - AWS - GoDaddy - Domain Registrar - Digital Ocean - OVH etc....
  • Cloud Storage Accounts - Dropbox , Google Drive, One Drive , pCloud

Summary

Passwords have been the mainstream form of authentication since the start of the digital revolution. But, this security measure is far from perfect. Here are some worrying facts about this traditional security measure:

  • 90% of passwords can be cracked in less than six hours.
  • Two-thirds of people use the same password everywhere.
  • Sophisticated cyber attackers have the power to test billions of passwords every second.

The vulnerability of passwords is the main reason for requiring and using 2FA.

Posted in Linux Network Admin Tips, Network Security Tips on Sep 14, 2020.