Page 35 - Cyber Warnings







2 Step Authentication vs 2 Step Verification



We often get the option of using more than one factor for authentication to verify our identity for
an account. Using an ATM card is a good example of that. We provide a PIN and the ATM card to
authenticate ourselves to the bank. This is called 2 Step Authentication.

Again, sometimes we use a One Time Password or OTP to log in to an account. For example,
while using Gmail we often get the option of authenticating ourselves using a password as well
as an SMS sent to our mobile. It is often called 2 Step Verification.

We often use the terms 2 Step Authentication and 2 Step Verification interchangeably. Are they
the same or are they different? How are they different from each other?


Let's understand first what 2 Step Authentication and 2 Step Verification actually are.


Authentication factors are the different credentials that a user uses to verify her identity. These
factors can be of three types:


• Knowledge factors, i.e. something the user knows, such as passwords, a PIN or any
pattern.
• Possession factors, i.e. something the user has, such as ATM cards, phones etc.
• Inherence factors, i.e. something the user is, for example biometrics like fingerprint, iris
etc.


In a 2 Step Authentication, the user uses any two types of the above factors, for example a PIN
and an ATM card, or a password and a biometric.

In a single factor authentication, the user uses only one type of credential, a password for
example. Most online accounts support single factor authentication.


But as we know, single factor authentication is not secure enough. An online account that
supports passwords only can easily be hacked by attackers using various malicious methods.
And thus, we needed a 2 Step Authentication procedure.

A 2 Step Authentication process supports two types of credentials. So, even if one of the
credentials of a user gets compromised, the account still remains safe, as long as the second
credential of that user is not hacked by the attacker.

As I said, a good example of 2 Step Authentication is authentication using an ATM card and
a PIN.

Even if the user's PIN is compromised, the attackers cannot hack the account as long as they
are unable to physically possess the ATM card of the user.
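
The ATM case above as a small model, added here as an illustration and not taken from the article: the PIN is checked as a knowledge factor and the card as a possession factor, and login succeeds only when both types verify. The `Account` class, the HMAC challenge-response card model and all sample values are assumptions made for this example.

```python
import hashlib
import hmac
import os

KNOWLEDGE, POSSESSION = "knowledge", "possession"  # two of the three factor types

def hash_pin(pin: str, salt: bytes) -> bytes:
    # Store only a salted, slow hash of the PIN, never the PIN itself.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

def card_response(card_key: bytes, challenge: bytes) -> bytes:
    # Hypothetical card model: possession is proven by an HMAC over a fresh challenge.
    return hmac.new(card_key, challenge, hashlib.sha256).digest()

class Account:
    def __init__(self, pin: str, card_key: bytes):
        self.salt = os.urandom(16)
        self.pin_hash = hash_pin(pin, self.salt)
        self.card_key = card_key

    def verified_factors(self, challenge, pin=None, card_resp=None) -> set:
        """Return the factor types that were presented and checked successfully."""
        verified = set()
        if pin is not None and hmac.compare_digest(hash_pin(pin, self.salt), self.pin_hash):
            verified.add(KNOWLEDGE)
        expected = card_response(self.card_key, challenge)
        if card_resp is not None and hmac.compare_digest(card_resp, expected):
            verified.add(POSSESSION)
        return verified

    def authenticate(self, challenge, pin=None, card_resp=None, required=2) -> bool:
        # required=1 models single factor authentication, required=2 the ATM case.
        return len(self.verified_factors(challenge, pin, card_resp)) >= required

def demo() -> dict:
    # Constructed sample values, not real credentials.
    real_card, other_card = os.urandom(32), os.urandom(32)
    account = Account("4921", real_card)
    challenge = os.urandom(16)
    return {
        "owner": account.authenticate(challenge, "4921", card_response(real_card, challenge)),
        "stolen_pin_only": account.authenticate(challenge, "4921"),
        "stolen_pin_wrong_card": account.authenticate(
            challenge, "4921", card_response(other_card, challenge)),
        "pin_only_single_factor": account.authenticate(challenge, "4921", required=1),
    }

if __name__ == "__main__":
    print(demo())
```

With `required=1` the same stolen PIN is enough to log in, which is the single factor weakness described earlier.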


35 Cyber Warnings E-Magazine – May 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
