Protecting the sensitive data held in the dozens of applications and accounts that each of us has scattered around can be a complicated task. Two-step verification (2SV) was created with the aim of keeping that data private.
Two-Step Verification (2SV) is a method of signing in to cloud-based apps and services securely. Many companies, including Google, Amazon, WhatsApp, and many others, allow people to enable 2SV on their devices or accounts.
Users may be at greater risk of compromised passwords than they realize, especially if they use the same password on more than one website or application.
Downloading apps or programs and clicking links in emails can also expose a person to password theft.
As sophisticated threat actors increase their attacks on small businesses, a two-step verification process adds an extra layer of protection. Next, we will examine what two-step verification or authentication is, how it works, and why it matters.
What is two-step verification (2SV)?
Two-Step Verification (2SV) is a security system that uses only one authentication factor and two steps to validate a user’s identity.
It is a process that some security systems employ to verify a user’s identity (authentication) before granting access. Typically, this involves providing two pieces of information that the user knows, such as a password and a one-time PIN (OTP) that they receive via SMS text message, for example.
2SV is the next step up from traditional single-factor authentication, which requires a user to enter only their username and password to access their account. A classic example of two-step verification: a user logs in with a username and password, followed by a link verification process sent to their email.
Another example: if your user is asked to provide two different passwords, one after the other, then it is two-step verification because the user has to go through two processes.
These are the 3 authentication factors
There are three types of identification factors that can be used to verify the identity of users before allowing them access to applications or systems.
Knowledge: something you know
A knowledge factor is secret information that is known only to the user and is associated with their account.
The knowledge factor is an indispensable authentication factor. It can be used in all forms of authentication methods, including 2FA, MFA, and 2SV. Both steps in the two-step verification protocol are part of the knowledge factor. Even in the case of two-factor authentication, these ‘secrets’ are often used as one of the verification factors.
So what counts as a knowledge factor?
- Passwords
- One-time PINs (OTP) that are sent via SMS text messages to mobile or email
- Answers to secret questions (such as ‘what is your mother’s maiden name?’)
Inherence: something you are
An inherence factor is a way of verifying a person’s identity through a natural characteristic of that individual in order to grant access to their account. It is almost impossible to mimic a person’s genetic characteristics, such as fingerprints or their face (biometrics).
Therefore, including these characteristics to identify the legitimacy of a person becomes a powerful authentication factor.
A few years ago this technology was quite expensive, so it was not practical to provide users with the scanners needed for recognition. As technology has evolved, these scanners have become smaller and more affordable and can be used on most smartphones.
Possession: something you have
A possession factor refers to something you own, a type of tangible item that shows you control your device. This authentication factor takes into account the basic idea that you, and no one else, must be in possession of the registered hardware for authentication.
The user can then enter their username and password and then use a possession factor as their second identifier in the authentication process.
Some examples of possession factors include:
- OTPs generated by authenticator apps on your mobile device
- RSA hardware tokens
- Company identification cards (such as smart cards)
2FA (two-factor authentication) vs 2SV (two-step verification)
The more popular an idea is, the more misconceptions there are around it. The term two-step verification (or authentication) is often used in place of two-factor authentication. The main differentiator is the word ‘step’.
A two-step authentication or verification process can use the same factor in both steps. Because a factor and a step are different things, a factor like knowledge, explained above, can be used twice: the user provides a PIN and then, as a second step, an answer to a secret question. In this case the same factor, the knowledge factor, is used both times.
On the other hand, in the case of 2FA, things change because, as its name indicates, to call an authentication a two-factor authentication, two different factors must be used, such as knowledge and biometrics, for example.
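The distinction between steps and factors can be checked mechanically against a login policy. The following is an added example, not code from the original article: the method identifiers and sample flows are constructed, and the factor table follows this article's own lists (including its placement of SMS and e-mail OTPs under knowledge).

```python
# Method-to-factor table built from this article's lists.
# The method identifiers are hypothetical names chosen for this sketch.
METHODS = {
    "knowledge": ("password", "pin", "secret_question", "sms_otp", "email_otp"),
    "inherence": ("fingerprint", "face"),
    "possession": ("authenticator_otp", "hardware_token", "smart_card"),
}
FACTOR_OF = {m: factor for factor, ms in METHODS.items() for m in ms}


def classify(steps):
    """Label a login flow by how many distinct factors its steps cover."""
    if not steps:
        raise ValueError("flow has no authentication step")
    factors = {FACTOR_OF[method] for method in steps}  # KeyError if unknown
    if len(steps) == 1:
        return "single-step"
    # Several steps inside one factor are still 2SV, however many there are.
    return {1: "2SV", 2: "2FA", 3: "MFA"}[len(factors)]


def audit(flows):
    """Return {flow: reason} for every flow that does not reach two factors."""
    findings = {}
    for name, steps in flows.items():
        try:
            label = classify(steps)
        except (KeyError, ValueError) as exc:
            # Fail closed: a flow that cannot be classified earns no credit.
            findings[name] = f"unclassifiable: {exc.args[0]}"
            continue
        if label in ("single-step", "2SV"):
            findings[name] = label
    return findings


# Constructed sample policy, not taken from any real system.
SAMPLE_FLOWS = {
    "webmail": ["password", "sms_otp"],
    "vpn": ["password", "authenticator_otp"],
    "helpdesk": ["pin", "secret_question"],
    "legacy_ftp": ["password"],
    "kiosk": ["password", "voice_print"],
}
```

Running `audit(SAMPLE_FLOWS)` lists every flow except `vpn`, the only one that combines two different factors.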
Knowing this, it stands to reason that 2SV is less secure than 2FA. In a nutshell, implementing two distinct factors in the same authentication process allows for higher security as users must provide one of three factors:
Should you take the time to set up two-step verification?
It’s easier than you think for someone to steal your password. Even if you have always looked after your passwords and set up strong security, they can still be stolen through no fault of your own. In other words, even accounts protected with strong passwords will benefit from using 2-Step Verification.
In the case of Google, for example, they explain that you can log into your account with your password and phone (same factor, knowledge, two steps).
To do so:
- Open your Google account
- In the navigation panel, select ‘Security’
- Under ‘How do you sign in to Google’, select ‘2-Step Verification’ and then ‘Get Started’
- Follow the steps on the screen
Another example of how to activate this security process could be LinkedIn. In this case:
- Tap your profile picture
- Go to ‘Settings’. You will find it at the bottom of the page
- In the ‘Login and security’ section you will find ‘Two-step verification’
As you can see, two-step verification provides some extra security which, given the current state of cybersecurity, is never superfluous. Of course, remember that 2SV is still somewhat more insecure than 2FA.