Protecting your identity is a key factor for pretty much any and every online service, but how do they do this effectively? This is where “2FA” and “3FA” come in.
Controlling your online activity isn’t as easy as it once was. Where there was once just simply a “forget password” link to reset everything, these days it can feel as if you have to jump through hoops just to make something happen.
A link here, another form of authentication there, and all of it to let you log in. That’s if you remembered your password. If you’ve managed to forget that password, you might have to jump through a few extra steps in the process.
All of this is to prove you are who you say you are, and these days, this is a pretty serious part of the identification process. It goes by a name, though, and it’s getting more complicated because scammers and cyber criminals are becoming more clued into the process, as well.
So what is the process called, and how can it help keep your online identity safe?
Multi-factor authentication
It’s a concept that goes by several names. You’ll probably have seen it referred to as “2FA” or “Two Factor Authentication”, but these days it’s transitioning to include a third factor, becoming more secure as “3FA”.
Technically, both of these are a form of multi-factor authentication, an idea that uses several forms of access only you would have access to in order to prove you are who you say you are.
The idea works like this: if you’re trying to log into a service that needs to be protected — such as a bank or a government system — you have several ways to prove who you are to make the login work.
One factor is a password, something everyone has, but that can be easily compromised. It’s logical to assume that while your password should be good and strong, it is possible for a cyber criminal to learn your password in some way.
But if 2FA is enabled on an account, a second factor has to be used to allow the login to be successful, such as an email link or a code sent to a phone number. While it’s conceivable to think that a scammer might come to know your password, it’s unlikely they’d have access to your email account or phone number, with the latter very likely to be off the cards.
Two-factor authentication is very common, and typically covers both password and a code sent to a phone, but it’s about to get even more secure again with a third factor, now in 3FA.
What is 3FA?
More than just a number and two letter smushed together, “3FA” stands for “three-factor authentication”, and means there are three ways for a service to check that you are who you say you are.
It’s not just password and one random code to a phone number, but something else, too.
“Three-factor means verifying your identity through something you know, like a PIN or password, something you have physical access to, such as a one-off PIN accessed through a mobile device, and most importantly, something you are, whether that be a voice, face or fingerprint,” said Robert Schwarz, Managing Director of Nuance Communications in Australia and New Zealand.
That third factor is more likely to be something within your immediate and direct control, too, such as a security mechanism found in your phone.
While it’s not entirely inconceivable for a scammer to get around two-factor authentication — they’d need to have access to your email account — three-factor raises the complexity level even more as they’d need to have your phone or tablet in their possession. Short of stealing it off your body and knowing the PIN to get in, that’s just extremely unlikely.
“Many financial institutions such as NAB, ANZ, and Macquarie, and government bodies such as the Australian Taxation Office and Services Australia have the option to include your voiceprint as a layer of identification,” he said.
“Most recent smartphones and many laptops and tablets offer facial and fingerprint recognition for access. These devices and accounts hold our most valuable personal information that scammers are looking to access to steal identities with various motivations – and a strong pin or password is no longer enough to stop them.”
It means that if you have a service that is supporting three-factor authentication, you may have to jump through an extra hoop in order to log in, but it’s also just that much more secure than one without.
Of course, 3FA is still quite new, and may not be available for your service yet. But the more it becomes known, the more you can expect it, helping to keep your services and your online life a little safer overall. Just keep that phone with you and it should be fine.