Two factor authentication.

What is it?

A way of confirming identity by using two different components.

Why is it used?

Identity theft and hacking have often exposed personal information used in user id numbers, and phishing attacks may have exposed the passwords. Also, many people are careless with either the length of passwords, storage of passwords, or use obvious passwords. A second factor that the criminals cannot easily access provided an extra level of defence.

What is the most common formats of 2FA?

Something you know (second password) something you have (token or other hardware object which generates a second code) or something about you (biometrics including fingerprints and retina scans most common at present).

Why do a lot of firms use SMS to provide the second factor?

Using biometrics or producing a device can be expensive.

Is SMS 2FA (two factor authentication) secure?

Not by itself. SMS uses the cellular network which can be hijacked or logged. There have already been such systems which have been exploited (including gmail, which is not to say that system is worse than any other). Also there is the possibility of phone loss, at which point you have lost not only the ability to control SMS 2FA but have probably given the thief or finder a bunch of other personal data as well.

So tokens expensive and SMS insecure. Any solutions?

There are many solutions. The best middle ground right now is a secure app which generates 2FA, but doesn’t have the vulnerabilities of SMS, and can be installed on a device. Obviously, security and encryption will be important.

This is a basic primer not intended for the many forensic and cyber experts out there.