In che modo la verifica a due fattori può proteggerti dagli hacker

How two-factor authentication can protect you from a hacker

Ever since the world became increasingly connected, there has been a rise in hacking attempts, targeting not only businesses but individual users as well. The reason? Our social media accounts can tell a hacker or burglar more than we might think, giving away specific information on when we are leaving the house, what routes we regularly take every day, or times when we are away from home for long periods.

But that’s not all: A fair few of us keep extremely sensitive photos and digital content in the cloud that cybercriminals could use as the basis for extortion. We are not then talking about bank accounts or the risk that huge sums will be removed from them without our knowledge, or even of online purchases made using the credit card of an unsuspecting holder. In short, there is a need for a better form of protection against the dangers posed by the Internet, and two-factor verification may just be the answer.

What it’s all about

Two-factor authentication (2FA), also known as multi-factor authentication or two-step verification, is a popular way of adding an extra layer of security to online accounts. In its most common form, it will prompt you to enter a temporary code that you will have received on your cell in order to access a specific profile. Anyone who cannot intercept the message will not be able to steal the intended recipient’s identity. There are three levels of authentication: alphanumeric, device-based, and biometric.

The ways it can work

In the first scenario, you access the desired profile using the code mentioned above, which you will have received on the cell phone you used to register. In the second, you will be asked to perform a certain action on your personal smartphone, such as accept a notification. In the third, access is granted based on a form of personal authentication such as fingerprinting, face scanning, or voice recognition. In each case, the process is rightly referred to as two-step verification because the first step involves the user entering their usual password and the second adds an extra stage as an additional layer of security.

In reality, there also exists another method as an alternative to those listed above: the code-generator app or key. Code-generator keys were originally given out by banks to their customers. They display a sequence of numbers and letters that the customer then enters into a request field before executing a transaction or other operation. The method has now been incorporated into other services, including the main social networks and e-mail platforms, enabling the use of a key with a screen that displays a temporary string.

This has been superseded to an extent by apps such as Google Authenticator, Authy, or DuoMobile, which perform the same task but exclusively in the digital domain. Using an authentication app requires extra setup but offers better protection than a text message. The latest versions even do away with the need to enter a code, merely asking the user to create a personal password to be able to access their desired service. Unlike its traditional counterpart, this password has to be entered on the cell phone registered with the service rather than by any old user anywhere in the world. Even the laziest among us would therefore agree that the 2FA method is a useful way of making a hacker’s life harder, if not impossible.

Is it really more secure?

Let’s take a specific example. If you have a home security system, you will reduce the risk of a break-in. If you have a great big dog, you will lower the risk of a break-in. If you were to combine your home security system with your great big dog, your home would become even harder to break into and a less attractive target. Most burglars will seek out an easier victim with less protection. In the same way, two-factor authentication prevents hordes of hackers from getting into your account. Many will try to force entry and, not succeeding straight away, will turn their attention elsewhere.

As well as your password, a cybercriminal would also need access to your phone, the tokens sent by your text messages, or your live notifications in order to break in. It’s not impossible, because an intruder could also steal your cell. This is why it’s vitally important to stay alert, in both the digital world and the “real” one.

This post is also available in: GermanFrenchItalian