[IMAGE: https://cdn.steemitimages.com/DQmdeBjGVVhu6HVimUy1RKTCxupjGuXmwZoiBEptWKdxath/home1.jpg]
Security is always a big concern when it comes to protect individual's personal online credentials. The war between hackers and security experts remains endless. If security experts always explore new ideas to increase the protection by using various new security methods then hackers always find new ways to breach the security.
Earlier single factor authentication was most widely used to login with your emails, hardware devices, many website portals and still commonly used by many users. One big problem with passwords is the fact that users reuse them and hackers know this, so once they steal an authentication credential for one compromised account, they will attempt to use it to break into the victim's other services. Users also choose weak passwords, which leaves them open to hackers using readily available password cracking tools. Although it is the weakest method but still commonly used by non-tech savvy people.
Types of 2FA Authentication Methods
- SMS 2FA
- Authenticatior APP/TOTP 2FA
- Push Based 2FA
- Universal 2nd Factor (U2F) 2FA
SMS 2FA
SMS 2fa is used to login to your portals through sms. Website asks users to put their mobile number with login credentials. After enabling user always has to put one time password (usually of 6 digit code) along with the username and password. It is a very popular option for sites to implement, since many people have an SMS capable phone numbers and it doesn’t require installing an app. It provides a significant step up in account security relative to user’s login credentials. This method have some limitations.
https://cdn.steemitimages.com/DQmbzhXhZs5MWPH6WNtiBdG7LrbiQb8tsSSEmDHZycHxiNv/sms%202fa.png
Limitations
- Phone Number can be shared by the portals
- Some websites can use client’s 2FA for others purposes like marketing, conversation tracking, and password resets.
- Can’t login if phone is dead or stolen or sometimes can’t connect to a mobile network while travelling.
- SIM Porting Attack
Time Based 2FA
2FA keeps your account safe even if someone able to get access to your master password. With 2FA, a hacker will not be able to access your data unless they have the hold on the device where you set up Two-Factor Authentication. The second generation authentication which is call two factor authentication or 2fa is the most common method used by the clients in various exchanges. Although it's a useful countermeasure to have among your defenses, but ultimately, it's not the silver bullet capable of stopping hackers to stole your treasure because it has some limitations.
https://cdn.steemitimages.com/DQmSNFY8vJjFxi2CE4Z4ouSLifN1LNK3Uf3bP98XZQUqeiH/time%20based.png
Limitations
- Same copy of Shared Secret key kept with the service provider like crypto exchanges where users have registered . If attackers manages to attack on user’s exchange then he/she can completely compromises your authenticator 2FA.
- Shared secret key is not stored in the form of cryptographic hash.
- Phone lost or dies worries
- If your don’t have backup of your recovery codes or printed copy of QR code then you can loose your account permanently.
- Could be incovenient if user frequently use different computers, to unlock your phone, open an app, and type in the code each time.
Push Based 2FA
Push 2FA is one of many two-factor authentication methods that enable users to approve or deny the logins using Duo Mobile App and Apple’s trusted devices method. The Duo Mobile app delivers two-factor push notifications to user’s phone for fast and secure access. After logging in with your username and password, choose Duo Push on the authentication prompt then, tap ‘Approve’ on the push notification sent to your phone seconds later to securely access your application.
Duo Push is effective method against man-in-the-middle and phishing attacks which allow attackers to steal user’s password and their second factor, ensuring Trusted Users as part of a complete Trusted Access solution. But this method also have some vulnerabilities.
https://cdn.steemitimages.com/DQmVeezvCKFXhGrjuQSBZjiZm46WfckNctzbaaL3GnqfNe7/push%202fa.jpg
Limitations
- Requires internet all the time while logging
- Not standardized by all.
- Device must support the installation of mobile application
Universal 2nd Factor (U2F)
In December 2014, Google and Yubiko introduced U2F for clients and servers. After then many government organisations start using U2F in their login services. Currently U2F is the most advanced authentication method which is used by most popular browsers like mozilla firefox, chrome and internet explorer and many more.
In order to use U2F user first need to buy one dedicated hardware security key device. User just need to plug into usb port of their laptop or desktop when prompted and press the button on the top depending on the manufacturer and then user will successfully logged in. U2f has got many features over other 2FA methods.
https://cdn.steemitimages.com/DQmNP2hF2tSkQEBUidPJReh9rL7KL4BVofwxQh4tGAYbZD9/u2f.png
U2F over other 2FA
- Strong two-factor authentication using public key crypto that protects against phishing, session hijacking, man-in-the-middle, and malware attacks.
- Unlimited usage in that an unlimited number of accounts can be protected by one single device.
- Easy to use with all popular browsers with no codes to re-type and no drivers to install.
- Allows users to choose, own, and control their online identity. Each user can also opt to have multiple identities, including anonymous, with no personal information associated with the identity.
- A U2F Security Key generates a new pair of keys for every service, and only the service stores the public key. With this approach, no secrets are shared between service providers, and an affordable U2F Security Key can support any number of services.
- Open standards provide flexibility and product choice. Designed for existing phones and computers, for many authentication modalities, and with different communication methods (USB and NFC).
Limitations
- Not Widely available because of new technology
- Not completely supported by all the popular browsers except chrome
Top 3 U2F hardware devices
1 Yubico [Yubikey 4 Nano]
2 Thetis [Fido Universal]
3 Kensignton [VeriMark USB Fingerprint]
Conclusion
However it’s completely up to the users which method to choose. SMS 2Fa is the most conveneient method whereas u2f is the most securest method but although on papers seems that U2F is the best two factor authentication type available in the cryptographic world. But my personal advice is use third auhentication method by trained and aware yourself along with 2FA and never easily compromised based of personnel.
