Authentication is a process by which your identity is secured. Authentication can work several ways, including two-step authentication, multi-factor authentication, and verification. Here are some examples:
Whenever you enter a password at a website, sign on to a laptop/desktop, place your finger on a smartphone fingerprint reader, or enter a pin at an ATM, you are authenticating (verifying) your identity.
If you call your bank they usually ask you to verify a few pieces of information before they will discuss your account. That’s multi-factor authentication because you prove who you are by supplying several pieces of information typically only you would know.
You sign on to your bank or wireless carrier’s web site and each time you view the same picture of something. In this case the reverse is happening and they are authenticating to you — that means they are proving who they are to you prevent you from being tricked into using a fake web site.
Two-step authentication means nothing more than requiring just two types of information. The overall approach is known by a number of names or acronyms but what they all have in common is a requirement of a minimum of two types of authentication. You might see it called:
- Multi-Factor Authentication
- Two-Step Authentication
- 2-Step Verification
- Facebook refers to it as “login approval”
- Twitter as “login verification”
- PayPal as “security key”
For instance, here is a description of 2-Step authentication as implemented by Google when signing into a laptop/desktop:
A password is entered as usual. This is the first level of authentication. The life span of a password could be days, weeks, months or years since it can be used over and over again, so it is at risk of theft.
Enter a verification code. This is the second level of authentication. After your password is accepted a unique one time code will be sent via text message to a previously validated and trusted device – usually your cell phone. The one time code is then entered on the same device as the password.
The life span of this code, the second level of authentication is usually very brief; you are assumed to be in possession of the trusted device, and the code is not re-used. There is minimal or no risk of theft.
Though having to go through multiple steps can sometimes seem annoying — especially when you are in a hurry — it is a necessary process in order to keep you and your information safe and secure.