Consumer Oriented Two-Factor Authentication and the Challenges

By

Apr 30th


After Facebook, Google, Microsoft and PayPal, Apple has started offering two-factor authentication to help its customers secure their Apple IDs against hacking. Initially, two-step verification is being offered in the U.S., UK, Australia, Ireland, and New Zealand. Additional countries will be added over time, per Apple’s support website.

The new feature is designed to block unauthorized changes to iCloud or iTunes accounts, and to keep hackers who steal Apple IDs from purchasing digital content or hardware with the credit cards stored in the customer’s iTunes and Apple Store accounts.

Security experts welcomed and commended Apple’s steps toward protecting its users and their data from hacking and hijacking by cyber criminals.

Two-factor authentication, also called two-step verification, is a more demanding method of locking an account than a simple password-only process. In enterprises, for example, two-factor authentication typically relies on hardware-based security tokens that generate passcodes; each passcode is valid for about 60 seconds and must be entered along with a PIN or the usual password. This principle is based on combining factors of different kinds:

* Knowledge factor (“something the user knows”)

* Possession factor (“something the user has”)

* An inherence factor (“something the user is”)

In a web-based environment, where a mass consumer base uses the web services, it is impossible for the service provider to distribute physical tokens to each and every individual user. Instead, the provider sends a passcode to a mobile phone number the user has registered earlier. The passcode is typically sent as an SMS (Short Message Service) text.

According to the security advisers, “Two-factor authentication would be a great option for protecting high-profile brands, celebrities and those who simply want that extra layer of security for their online identity.”

The Increasing Trend

Several well-known web service providers have recently added two-factor authentication to secure their users’ accounts, or are speeding up adoption of similar approaches, often after their networks were breached.

Dropbox, for example, added two-factor authentication last August after usernames and passwords stolen from another website were used to access Dropbox accounts. Facebook debuted two-factor authentication in 2011. And Evernote, which had to reset 50 million passwords earlier this month after a breach, is working to speed up its own two-factor authentication.

In addition, Twitter recently suffered a major compromise in which sophisticated hackers breached the microblogging site’s servers and stole the usernames and encrypted/salted passwords of about 250K users.

How Does It Work?

In the first step of the two-factor authentication process, you register one or more trusted devices with the service provider. A trusted device is a device the user controls and that can receive verification codes, via SMS or another means, to verify the user’s identity.

In the second step, once the trusted device is registered, any time the user signs in to the website to access services or manage the account, makes changes, or initiates a purchase, the user must enter the password and the verification code the service provider sent to the trusted device in order to be fully signed in and use the services.
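As an added illustration of the two steps above (not code from the article or from any of the providers it names), here is a minimal server-side flow: step 1 registers the trusted phone number; step 2 checks the password, issues a short-lived one-time code to that number, and completes the sign-in only when the code comes back. The 60-second lifetime follows the article; the three-attempt limit, the single-use rule and the SMS gateway (stood in for by a list so the example runs offline) are assumptions made for this example.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

CODE_TTL_SECONDS = 60   # code lifetime, matching the article's "about 60 seconds"
MAX_ATTEMPTS = 3        # assumed budget before a fresh code must be requested


@dataclass
class Account:
    password: str                         # constructed sample; store a salted hash in practice
    trusted_phone: Optional[str] = None   # step 1: the registered trusted device
    pending: dict = field(default_factory=dict)   # outstanding second-factor challenge


sent_sms: list = []   # constructed stand-in for the SMS gateway: (phone, code) pairs


def register_trusted_device(acct: Account, phone: str) -> None:
    """Step 1: bind the account to a device the user controls."""
    acct.trusted_phone = phone


def start_login(acct: Account, password: str, now: float) -> bool:
    """Factor 1 (knowledge). On success, send a one-time code to the trusted device."""
    if acct.trusted_phone is None or not hmac.compare_digest(password, acct.password):
        return False
    code = f"{secrets.randbelow(10**6):06d}"          # unpredictable 6-digit code
    acct.pending = {"code": code, "expires": now + CODE_TTL_SECONDS, "attempts": 0}
    sent_sms.append((acct.trusted_phone, code))        # "deliver" via the stub gateway
    return True


def verify_code(acct: Account, submitted: str, now: float) -> bool:
    """Factor 2 (possession): accept only an unexpired, unused code within the attempt budget."""
    p = acct.pending
    if not p:
        return False
    p["attempts"] += 1
    if now > p["expires"] or p["attempts"] > MAX_ATTEMPTS:
        acct.pending = {}          # discard the challenge; the user must start login again
        return False
    if hmac.compare_digest(submitted, p["code"]):   # constant-time comparison
        acct.pending = {}          # single use: the same code cannot be replayed
        return True
    return False
```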

© 2006-2019 Security magazine.