The Two Types of Two Factor Authentication and How They Impact Cybersecurity

Two Factor Authentication (2FA): a security system that requires two distinct forms of identification in order to access something.

Cybersecurity: the measures taken to keep electronic information private and safe from damage or theft.

(Security) Token: a portable device that authenticates a person's identity electronically by storing some sort of personal information

Definitions source: www.investopedia.com

Two-factor authentication (2FA) is significant not just for cybersecurity fans but for anyone who values their privacy. What's more, it's so widespread nowadays that it's hard to avoid it altogether. But not all 2FA processes are made equal.

With the risk of oversimplifying the topic, we can organize the various 2FA processes into two large categories: app-based and non-app-based. The former makes use of a specialized app, which acts as a token for an additional layer of the authentication process. The latter makes use of a different channel, such as SMS, phone call, or even an iris scan, to validate the user's identity. Naturally, both methods have their strengths and weaknesses, which makes them even more worth exploring.

Non-app-based 2FA has been around longer, and it's an established way of performing 2FA. For more security-critical processes, such as monetary transactions, it can take the form of a physical token (e.g., a specialized fob) that the user has with him at all times. This level of 2FA is good enough for most banks, and it makes identity theft extremely difficult and probably not cost-effective for the majority of cases. Non-app-based 2FA can be more straight-forward, though, as in the case of SMS or phone calls, something that many banks use too, especially for facilitating the pairing of a phone with an account. Note that between the two, SMS is bound to be safer since it can better ensure that the phone number corresponds to an actual phone rather than a VoIP line (though there are exceptions to this too).

App-based 2FA is more often than not a liability, an unnecessary one at that. Despite the convenience this type of 2FA offers, there are many more things that can go wrong (e.g., the app stops working, the app may have a backdoor or even compatibility issues with the latest version of the OS that you just installed). Naturally, a bank is bound to have the resources to build a solid app that doesn't yield any issues. However, most other apps (esp. third-party ones, developed with a smaller budget, often by less qualified developers) are sub-par in that regard. In other words, unless you have to use such an app, you are better off not doing so.

Of course, the topic of 2FA is highly complex, so these suggestions are more like rules-of-thumb. However, they are a good starting point since you've got to start somewhere, and most cybersecurity material on the web tends to be arcane at best. In general, the more sensitive a process is (particularly when it involved sensitive data), the better the cybersecurity it requires. And even if you use the strongest password out there, this may not be enough sometimes. That's why it's good to be aware of various aspects of this field and get acquainted with the terminology. At the very least, you'll be able to keep scammers at bay!