Last updated on Jan 7, 2024
- All
- IT Services
- Cybersecurity
Powered by AI and the LinkedIn community
1
SMS-based 2FA
2
App-based 2FA
3
Hardware-based 2FA
4
Here’s what else to consider
Two-factor authentication (2FA) is a security method that requires users to provide two pieces of evidence to verify their identity and access online accounts or services. 2FA can help protect against phishing, hacking, and identity theft by adding an extra layer of protection beyond passwords. But not all 2FA methods are equally effective, and some may pose risks or inconveniences for users. In this article, we will explore the most common 2FA methods and compare their advantages and disadvantages.
Top experts in this article
Selected by the community from 70 contributions. Learn more
Earn a Community Top Voice badge
Add to collaborative articles to get recognized for your expertise on your profile. Learn more
- Ali Ismail Awad Associate Professor of Cybersecurity at UAEU, UAE | Al-Azhar University, Egypt | Hon. Assoc. Prof. at UoN, UK |… 2
- Sarfaraz Muneer CISSP, CISM, CEH, CCIE UAE Top Digital Transformation Leader | Vice President Cyber Security | Top Cybersecurity Voice | Cloud Security Expert… 1
- Hansani Vihanga 16
1 SMS-based 2FA
SMS-based 2FA is one of the most widely used two-factor authentication methods, as it is easy to set up and use without any additional hardware or software. However, it has some drawbacks that should be considered. For example, SMS-based 2FA relies on the availability and security of the cellular network, which may be compromised, disrupted, or unavailable in certain areas or situations. Additionally, users may be exposed to the risk of SIM swapping if attackers can gain access to their phone number by tricking the mobile provider or stealing the SIM card. Furthermore, this method may incur costs for users who have limited or expensive text messaging plans.
Help others by sharing more (125 characters min.)
- Sarfaraz Muneer CISSP, CISM, CEH, CCIE UAE Top Digital Transformation Leader | Vice President Cyber Security | Top Cybersecurity Voice | Cloud Security Expert | Senior Cyber Security Architect | Public Speaker
- Report contribution
Thanks for letting us know! You'll no longer see this contribution
The most effective two-factor authentication (2FA) methods are app-based and hardware-based.App-Based (e.g., Google Authenticator, Authy): They're more secure than SMS-based 2FA since they're less vulnerable to SIM-swapping attacks. For example, when logging into a service, you'll enter your password and then a code from the app.Hardware-Based (e.g., YubiKey, RSA SecurID): They're immune to most remote attack vectors. For instance, YubiKey requires you to physically insert the device into a USB port and touch it to authenticate.For the best balance of security and user-friendliness, app-based 2FA is generally recommended. It's more secure than SMS and more convenient than carrying a physical token.
UnhelpfulLike Like Celebrate Support Love Insightful Funny 1 - Riadh Brinsi, CISSP cybersecurity SME - PECB TRAINER - ISO 27001 - ISO 27005 - ISO 28000 - ITIL - SC 200 - GCP ACE - AF Veteran
(edited)
- Report contribution
Thanks for letting us know! You'll no longer see this contribution
CONTRIBUTION #11Mostly SMS are not secure by default and they can be intercepted by imsi catchers or fake-BTS. Additionally, the management of SMS servers and the cost are another factor that could negatively impact this solution.
UnhelpfulLike Like Celebrate Support Love See AlsoSecurity questions ( two - factor authent…Protecting Your Data: Best Practices for Security QuestionsChoosing and Using Security QuestionsIs 2FA no longer secure? - Charles Square Insightful Funny 9 - Uros Babic Security Team Lead at Crayon, Microsoft Security MVP, MCT
- Report contribution
Thanks for letting us know! You'll no longer see this contribution
Two-factor authentication (2FA) is a crucial extra layer of protection to accounts:• Biometrics includes fingerprints, facial recognition, and iris scanning.• Apps like Duo Mobile and Authy are popular choices for 2FA. They generate time-sensitive codes that you enter after your password. • Physical Security Keys: These are devices that you plug into your computer or tap to phone for 2FA. •Phone Calls: A phone call to a verified phone number associated with the user. • SMS Texts - you’re required to enter your password and then a multi-number code that gets texted to your phone
UnhelpfulLike Like Celebrate Support Love Insightful Funny 7
Load more contributions
2 App-based 2FA
App-based 2FA is another popular 2FA method, where users generate or receive a one-time code via a dedicated app on their smartphone or tablet. This type of 2FA is more secure than SMS-based 2FA, as it does not depend on the cellular network or the phone number, and it uses cryptographic algorithms to generate the codes. Additionally, app-based 2FA offers more convenience and flexibility, as users can choose from various apps and sync them across multiple devices. However, there are some limitations to consider, such as needing a compatible device that must be regularly updated in order to function properly. It may also not work if the device is lost, stolen, damaged, or has a low battery. Furthermore, app-based 2FA may be vulnerable to malware or phishing attacks that can compromise the device or the app.
Help others by sharing more (125 characters min.)
- Ali Abdullah S. AlQahtani, Ph.D. Founding Director|Assistant Professor|Cyber Engr.| Electrical Engr.|Lean 6σ Blackbelt
- Report contribution
Thanks for letting us know! You'll no longer see this contribution
Utilizing AI to detect anomalies in login patterns or authentication attempts can add an effective layer to 2FA. This method can preemptively flag or block suspicious activities, even if the first two factors are compromised.
UnhelpfulLike Like Celebrate Support Love Insightful Funny 4 -
- Report contribution
Thanks for letting us know! You'll no longer see this contribution
Pros:- Generally more secure than SMS, as it is not as susceptible to interception.- Popular apps like Google Authenticator and Authy provide a convenient user experience.Cons:- Users need to install and configure a specific app.- May require manual setup for each service.
UnhelpfulLike Like Celebrate Support Love Insightful Funny 4
Load more contributions
3 Hardware-based 2FA
Hardware-based 2FA is a more advanced and secure method of authentication, where users use a physical device, such as a USB key, a smart card, or a biometric scanner, to authenticate themselves. This type of 2FA is based on the principle of "something you have", making it more difficult for attackers to steal or replicate. It also supports the Universal Second Factor (U2F) protocol, allowing users to authenticate themselves with a single device across multiple services and platforms. Despite its advantages, hardware-based 2FA has some challenges. For example, users need to purchase and carry the device with them at all times and it may not be compatible with all devices, browsers, or services. Additionally, it can be lost, stolen, damaged, or forgotten by the user.
Help others by sharing more (125 characters min.)
- Leonardo S. Security [Arch, Cloud, Blockchain]
- Report contribution
Thanks for letting us know! You'll no longer see this contribution
It provides an additional layer of security by introducing physical tokens into the authentication process. These tangible devices offer a robust defense against various cyber threats. The strength of hardware-based 2FA lies in its resilience to phishing attacks and malware. Unlike code-based methods, these physical tokens are challenging for attackers to replicate or intercept remotely. Users simply plug in the hardware device or insert a card to complete the authentication process, adding a tangible dimension to digital security. Organizations handling sensitive data or prioritizing stringent security measures often opt for hardware-based 2FA to protect against evolving threats.
UnhelpfulLike Like Celebrate Support Love Insightful Funny 2 - Riadh Brinsi, CISSP cybersecurity SME - PECB TRAINER - ISO 27001 - ISO 27005 - ISO 28000 - ITIL - SC 200 - GCP ACE - AF Veteran
(edited)
- Report contribution
Thanks for letting us know! You'll no longer see this contribution
CONTRIBUTION #10I think that hardware 2FA is recommended for many reasons. It is difficult to replicate, it uses many protocols and can be compatible with most existing systems. The challenges with hardware based can be solved with a spare device, remotely disabling or out of service. We can also add a biometric factor.
UnhelpfulLike Like Celebrate Support Love Insightful Funny 2
Load more contributions
4 Here’s what else to consider
This is a space to share examples, stories, or insights that don’t fit into any of the previous sections. What else would you like to add?
Help others by sharing more (125 characters min.)
- Ali Ismail Awad Associate Professor of Cybersecurity at UAEU, UAE | Al-Azhar University, Egypt | Hon. Assoc. Prof. at UoN, UK | Educator | Associate Editor | Program Coordinator | Invited Speaker | SMIEEE | MACM
- Report contribution
Thanks for letting us know! You'll no longer see this contribution
It is important to evaluate the necessity of implementing a two-factor authentication (2FA) method for a system based on its criticality and the sensitivity of the hosted data. Additionally, the chosen 2FA method should be accepted by the users of the system. It's possible to select a method that may not be convenient for the system's users.
UnhelpfulLike Like Celebrate Support Love Insightful Funny 2 - Hansani Vihanga
- Report contribution
Thanks for letting us know! You'll no longer see this contribution
The method of 2FA highly depends on the usecase of the scenario. H/W based 2FA is secure but it can be inconvenient sometimes because it should be carried with you and if yours get lost you should have another backup key so I think it might not be practical in all cases. However, going App based is good since we all have the mobile with us all the time.Most authentication apps also require the mobile authentication method to satisfy for the app itself so its more secure.Another method we can add here in the push based 2FA where you get a approve or deny in your mobile if your account is accessed according to an unfamiliar signin property, I have seen this in Google.I personally don't recommend SMS based 2FA because of interception attacks.
UnhelpfulLike Like Celebrate Support Love Insightful Funny 16 - Jim Desmond (CISSP, CISM, CFE) CISO/CSO | Advisor | Leader
- Report contribution
Thanks for letting us know! You'll no longer see this contribution
Authentication as a single event is misleading. Context of the access is critical and should dictate the strength of the authentication. If you attempt to enter a bank, the guard or teller might glance at you, but for the most part the risk is low. But if you want to enter the vault, there will be multiple authentication events leading up to that moment. SMS is fine in some places, but it can be subverted with a determined attacker. Hardware tokens are strong as well, but again, can be stolen or acquired. The authentication picture you paint must match the risk to the organization. Easily said. Much more difficult to do.
UnhelpfulLike Like Celebrate Support Love Insightful Funny 8 -
- Report contribution
Thanks for letting us know! You'll no longer see this contribution
Biometrics: Unique traits like fingerprints or facial scans.TOTP: Time-sensitive codes from authenticator apps.Physical Keys: Hardware devices for added security.Combining what you know, have, and are enhances account security significantly.
UnhelpfulLike Like Celebrate Support Love Insightful Funny 5
Load more contributions
Cybersecurity
Cybersecurity
+ Follow
Rate this article
We created this article with the help of AI. What do you think of it?
It’s great It’s not so great
Thanks for your feedback
Your feedback is private. Like or react to bring the conversation to your network.
Tell us more
Tell us why you didn’t like this article.
If you think something in this article goes against our Professional Community Policies, please let us know.
We appreciate you letting us know. Though we’re unable to respond directly, your feedback helps us improve this experience for everyone.
If you think this goes against our Professional Community Policies, please let us know.
More articles on Cybersecurity
No more previous content
- Here's how you can enhance teamwork and collaboration in cybersecurity with emotional intelligence. 1 contribution
- Here's how you can ace your cybersecurity interview. 7 contributions
- What tools can you use to detect security vulnerabilities in Python? 1 contribution
- How can you secure your Python automation scripts against vulnerabilities? 1 contribution
- What are the best practices for securing Python-based blockchains?
- What steps can you take to monitor and detect intrusions on your wireless network? 7 contributions
- How can you secure Python applications on embedded systems against threats? 20 contributions
- How do you ensure secure Python scripting in IoT applications? 13 contributions
- How do you protect your Python applications from common vulnerabilities?
- What strategies can you employ to protect Python code against cross-site scripting? 15 contributions
No more next content
Explore Other Skills
- IT Strategy
- System Administration
- Technical Support
- Software Project Management
- IT Consulting
- IT Operations
- Search Engines
- Data Management
- Information Security
- Information Technology
More relevant reading
- Cybersecurity How can you avoid sharing sensitive information online?
- Security Awareness How can you use MFA to protect your accounts?
- Cybersecurity You think you’re safe online. But are you really?
- Authentication How do you deal with MFA and 2FA failures and recovery options?
Help improve contributions
Mark contributions as unhelpful if you find them irrelevant or not valuable to the article. This feedback is private to you and won’t be shared publicly.
Contribution hidden for you
This feedback is never shared publicly, we’ll use it to show better contributions to everyone.
