2 Factor Authentication

(2FA)

What Is It

Popular implementation of Multi-factor authentication

Something you know

Something you have

Something you are

Something you know

Password

PIN

Secret Question

Something you have

Cell Phone (Authenticator App)

Security Token

Smart Card

Something you are

Fingerprint

Retinal Scan

Why Use It

Hackers need more than just your password

Password essentially useless without 2FA code

Threats to Passwords

Phishing

Shoulder Surfing

Keylogging

2 Factor Authentication - Options

Google Authenticator App

SMS

Hardware Token - Yubikey

Google services example

LastPass Authenticator Example

Downsides

Need code when signing into account from untrusted computer

But, some services generate one-time use tokens

What sites offer It

All the "big sites":

Google services

Amazon

eBay

Microsoft services

Apple services

What services offer It

twofactorauth.org

Corporate Use Cases

+

P@sswo4d123  =

When logging on to workstation...

Corporate Use Cases

Widespread support with ERP software

Caution

If you have 2FA enabled and received a code without requesting, change password ASAP

In Conclusion

Enable 2FA on every service you can

Encourage employers to implement

Questions?