All two-factor authentication (2FA) methods are not equal. 2FA matters to everyone, including individuals, businesses, and government agencies. It protects private information like emails, financial records, and social media activity. In short, 2FA can be used to protect any sensitive information. Convenience is traded with protection, and it is recommended to prevent unauthorized access as a password cannot protect sensitive information from hackers, breaches, malware, device theft, and other methods that can compromise digital passwords.
2FA TYPES – PROS AND CONS
The Phone Call Method:
You access an app that requires authentication, and you enter your username and password. The app sends a phone call, and an automated prompt tells you to press any button to complete the transaction.
PROS:
Ease of use and convenience so plenty of people can use it easily.
CONS:
The call can be exploited. If the attacker has got the reach your username and password, they can complete the first part of authentication and get to the 2FA. The phone call can also be hijacked as the attacker can clone the SIM card or compromise a virtual phone number to access the incoming call. Some people may not be comfortable giving their phone numbers.
Authenticator Apps:
They are considered the most secure options available by requiring you to input the P.I.N. or code into a box and click Submit. The underlying technology for this 2FA is Time-Based One Time Password (TOTP) and is part of the Open Authentication (OATH) architecture.
PROS:
It is relatively secure as each login requires a unique PIN. Even when your phone is not linked to a mobile network, you can still use it.
CONS
It is possible to intercept and manipulate the sent data. Also, a phishing website can be built that sends credentials like passwords and the PIN/TOTP generated by the authenticator application. It can be troublesome to unlock your phone, open an app, and enter the code each time if you frequently log in on various computers.
Push-based 2FA
Some services, such as Google, may send a prompt to your phone during a login attempt. This prompt informs you that someone is attempting to log into your account. If it’s you, you tap a button to log in.
PROS
It’s even more convenient because it all works through a standard notification on your phone.
CONS
You have to be online, and you have to be holding the right device to get the message. Most phishing attacks don’t originate from the same I.P. address ranges as their victims because push-based 2FA typically displays an estimated location based on the I.P. address from which the login originated.
Hardware-based 2FA:
You set it up using hardware; whenever you want to log in, you should have the same device to get back in. A signed challenge code is sent back to the server specific to the site, your account, and the device itself.
PROS
It is safer, and you can use the same security key to access more than one device.
CONS
It is not that convenient, and you need the same device to access your account or remember a security key to access accounts. So, you need to have that key whenever you want to log in to a website or service. Another snag to using a hardware token like a security key is cost. Though if you use SMS, an authenticator app or push-based 2FA is free.
Ultimately, you need to realize that you are on the radar of online hackers, so you must take the extra to protect your online accounts. Despite which 2FA method you decide is right for you, keeping backup codes is a good idea to ensure you don’t get locked out of your account when you need them.
Conclusion
The Phone Call Method | Authenticator Apps | Push-based 2FA | Hardware-based 2FA | |
PROS | Ease of Use | Fewer Attack Attempts | More convenient | Most Safe |
CONS | Calls Can Be Exploited | Susceptible to Phishing | Requires Network ConnectivityIncreased Attacks Because of Estimated Location Generated | InconvenientExpensive |
Most organisations face data leakage and theft due to their poor data security policies. In many cases, hardware was not wiped securely or thrown away without taking adequate asset disposal measures. MITS provides safe IT asset disposal services in Pakistan. We ensure that your IT infrastructure is destroyed in a safe and sustainable way. For further information about IT asset disposal services or our other IT services in Pakistan, contact us.