What is two step authentication and how does it work
HMAC-based one-time passwords (HOTP) and time-based one-time passwords (TOTP) rely on a server to generate the keys. For example, if you set up 2FA on Google Authenticator, then as a website developer you get an email with a six-digit code and a QR code. You open the QR code in your browser and enter the two codes. This is one-time verification. If the person is the rightful owner of the website, he or she will have gotten an email too, and entered the code in a browser. This is called two-step verification.
Google Authenticator is not the only 2FA app; there are many others with different interfaces and capabilities. Some can be used by software to log you into websites or recover account access if you get locked out. Two-step verification is also called two-factor authentication (2FA).
Different mobile platforms have different levels of support, but the latest ones—Android Lollipop and iOS 8—have integrated 2FA capabilities.
The most common mode of two step authentication
I will just compare those two and look at the most common mode of two step authentication. The first one is what I call HOTP+VV. The second one is TOTP+VV. And HOTP+VV is a more complicated version of Google Authenticator. What I mean is that if you are in this mode, your second step is the same as your first step. That means the code changes every 30 seconds, but they both start with the same code. So you can use them interchangeably. So if you lose your smartphone, or your passcode gets changed, or your phone gets stolen, you can still get in using the same code. That is the advantage of that mode.
The other modes are not as convenient. If you have a Google Authenticator and another one from a different company, it only works if the second number starts with one of the codes generated by Google Authenticator. Well, those codes are generated from the same seed, so the second code would only be available if it is the first one or the last one or something like that.
Benefits of using two step authentication
The main benefit of two step authentication is to prevent password brute force attacks. But that’s not the only benefit. Two step authentication has a few interesting features: You don’t need to set up a system in order to use it. So you can have this type of two step authentication on your browser and every other device. In fact, nobody needs to set up any codes to have multiple accounts that require two step authentication. This is a very important plus for web developers who want their clients to use the same account on different devices. Two-step verification means that you have an extra layer of protection against phishing, malware, and hacking attacks. If a hacker stole your phone number, he or she would not be able to instantly get into your account. The second step requires that the user type a code sent via text message. This helps prevent imposters from entering your account if you travel a lot or have an overseas job.
How to enable two step authentication on various devices and websites
In order to set up two step authentication, you need to have an account on the website or service. First of all, you should check if the site already has 2FA enabled. If they do allow 2FA, then check if they support HOTP+VV or TOTP+VV. Google Authenticator is just one option that you can use. Two step authentication can also be set up by any other 2FA system or by SMS verification and in some cases via OTP using a phone app. You can also use Google Authenticator on top of a text messaging system, like Twilio’s Authy. And even without any two step authentication system, you can, if you choose, set up your own verification code in your browser with the help of a service like Authy.
If you need to use other in-browser 2FA systems, you can enable them by changing the settings of your browser in the usual way. How to enable such a system depends on the site’s security policy and how secure it is. You should check this beforehand. The most effective are systems that use a USB dongle, like Google Authenticator and Authy. Other systems might be less secure than one that uses a USB dongle, however.
How to enable 2FA systems depends on the site and is different for each one. If you use Authy or Google Authenticator, you need to configure it so that it can work with the site to which you are registered. If a site does not support Google Authenticator or Authy, it may be able to use other systems, like Captcha and SMS verification; however, these solutions are more vulnerable to attacks.
Examples of two step authentication in action
We have a lot of examples of two step authentication in action. Every time you log in to your website or service, it sends you a 2FA code. You then enter this code on your device, and it recognizes the 2FA. Or if you are using Authy, Twilio, or 2FA Generator, the app will ask you what SMS verification system to use. So then you get an SMS asking for an OTP or a verification code and that’s how your account is secured. These 2FA systems are very convenient because they allow you to use them on your other devices and websites. You don’t need to set up anything. And if you want to use more than one account, all you need is one code for the first account and another code for the second one. All the 2FA systems are very easy to implement and with just a little setup you can be more secure.
Another use of two step authentication is if you want to set up OTPs for your online payments without giving anyone the actual OTP. A lot of sites will ask for an OTP and then give it to the bank or the service that handles payments, but in reality it’s extremely difficult for a hacker to get your OTP because it would mean hacking into what is essentially an impenetrable fortress. So instead you can use two step authentication to send them the OTP and the service will handle it from there.