The Electronic Frontier Foundation is celebrating the holiday season with “The 12 Days of 2FA”, a twelve-post series of articles on how to enable two-factor authentication across a range of platforms.
As the EFF notes in a post introducing the series, one issue that might be hindering the popularity of 2FA among consumers is a lack of standard terminology. Twitter calls it “login verification”, for example, while Facebook calls it “login approvals” and Google calls it “2-step verification”, or 2SV. It all amounts to the same powerful security concept though: Adding a second authentication factor to a login process.
Most of the mainstream 2FA systems today combine something the user knows, such as a password, with something the user has, such as a smart card. Just this week, Google made the case for combining password security with USB security key dongles, which proved reliable security mechanisms in a two-year study that the tech giant recently concluded.
But the second factor could just as easily be something the user is, using biometric authentication. Apple Pay’s use of Touch ID may be the best mainstream example of this, forgoing passwords and combining something the user has – her iPhone – with her fingerprint, in order to confirm purchases.
That example may very well show up in one of the EFF’s coming posts; in any case, the 12 Days of 2FA are sure to prove enlightening for security-conscious users.
Source: Electronic Frontier Foundation