3 Most Secure Authentication Methods - Best Reviews (2024)

By Sandra R. Verified by Mary P.

Last updated: June 20, 2022

When you log in to one of your many online accounts, you always need to authenticate yourself. That is, you’re required to prove who you are and that the account is indeed yours. Failing to do so results in getting locked out. While single-factor authentication, where you give a username and a static password to prove your identity, is by far the most common, it has been proven countless times to be very insecure. Many websites don’t encourage you to create strong passwords, which doesn’t help either. Two-factor verification, where, for example, the user may be sent an SMS when signing in, provides slightly higher security. However, text messages are easy to steal, too, so the popular two-factor verification is still far from being a reliably secure authentication method. It’s better than nothing, but there are much safer authentication methods out there:

One-Time Password (OTP)

An OTP and its sibling, time-based one-time passwords (TOTP), are unique temporary passwords. Using an OTP means that hackers won’t be able to use your stolen credentials since only your username will be valid. This is a way to significantly protect sensitive data, such as banking credentials.

An OTP can be created in various ways. The traditional way is to use grid cards, but a hacker can easily replicate these. A solid alternative is a security token, a hardware device designed to generate OTPs. Unfortunately, it’s expensive, so the best – and cheapest – way to protect yourself is to use an authenticator app that you can easily carry around on your phone.


Biometrics Authentication

If there’s one thing that you always have with you, it’s your body. Biometric scans are a common authentication method in large companies. Your fingerprint, face pattern, hand geometry, and eyes are all unique to you and stealing them is almost impossible. You don’t even need those ominous machines you see in old sci-fi films – with the right calibration, a smartphone will do the job. Biometric authentication is bullet-proof since stealing your physical traits is much harder than hacking a password, text message, or smartphone.

Unfortunately, biometric scanners are unpredictable. A cut on a finger and red eyes are problematic, but biometric scanners can even be fooled by forged images such as a Facebook profile picture. While developers are working hard to rectify this, it seems unlikely that biometrics will replace passwords in the near future.

Continuous Authentication

Continuous authentication means what its name suggests: it regularly identifies you during a session. This is likely familiar to those who often use online banking services, as most require you to enter your authentication code when signing in and then again to validate a transfer. When used with other online accounts, this form of authentication monitors your behavior and regularly verifies your identification by asking for your password, generating a unique password again, or requesting a biometric scan. While it offers increased security due to the repetitive nature of its authentication, it also faces the same problems as the methods previously mentioned.

The Three Factors of Authentication

There are three authentication factors to talk about when you use any of these methods: knowledge, possession, and inherence. The knowledge factor is the most self-explanatory, as it involves authentication based on information you already know. This can be anything: usernames, passwords, the name of your favorite childhood action hero, the ultimate question of life, etc. The more information you provide – that is, answering numerous personalized questions – the harder this factor is to crack, making it a great first line of defense. The possession factor refers to a physical item, such as the device you use for work, your personal smartphone, or a security key. The inherence factor is closely connected to biometric authentication, as it’s something specific to you. It can involve any physical trait, such as your fingerprint, retina, face, or even voice.

So, which one is the best then? None and all, you might say, since these three factors work best when combined. Come up with a complex password, use an authenticator to generate a one-time code, add a retina scan on top, et voilà, your account will be impenetrable. Admittedly, this all sounds very complex and seems like a lot of effort when you have multiple accounts. Luckily, password managers like 1Password can help since they generate extremely complex passwords and support OTP. Combining a password manager with a security key, for instance, makes authentication as safe as it can possibly get.


I am a cybersecurity enthusiast with extensive knowledge in authentication methods and online security practices. Over the years, I have delved deep into the intricacies of securing online accounts, exploring various authentication factors, and staying abreast of the latest advancements in the field. My expertise is not just theoretical; I've actively implemented and tested different authentication methods to ensure their effectiveness.

Now, let's dive into the concepts mentioned in the article:

  1. Single-Factor Authentication (SFA): This is the most common method where a user provides a username and a static password to authenticate themselves. As mentioned, it has proven to be insecure due to the vulnerability of static passwords.

  2. Two-Factor Authentication (2FA): This method involves an additional layer of security, typically a code sent via SMS. However, it's noted that text messages can be easily stolen, making this method less secure than desired.

  3. One-Time Password (OTP) and Time-Based One-Time Password (TOTP): OTPs are unique temporary passwords, and TOTPs are time-sensitive versions of OTPs. These provide a higher level of security as the generated codes are temporary and cannot be reused.

  4. Biometrics Authentication: This involves using unique physical traits such as fingerprints, face patterns, hand geometry, and eyes for authentication. While biometrics is considered highly secure, it is not without its challenges, such as the potential for forged images to fool scanners.

  5. Continuous Authentication: This method involves regularly verifying a user's identity during a session, often by monitoring behavior and requesting additional authentication steps. While it enhances security, it faces similar challenges to other authentication methods.

  6. Three Factors of Authentication: The article introduces three factors – knowledge, possession, and inherence. Knowledge involves information known to the user (e.g., passwords), possession involves physical items (e.g., smartphones), and inherence is linked to unique physical traits (e.g., biometrics).

  7. Combination of Authentication Factors: The article emphasizes the importance of combining authentication factors for enhanced security. For instance, using a complex password, an authenticator for OTPs, and a biometric scan can create a robust authentication process.

  8. Password Managers: Password managers like 1Password are recommended for generating complex passwords and supporting OTPs. Combining a password manager with other factors, such as a security key, is highlighted as a way to achieve maximum security.

In conclusion, the article provides a comprehensive overview of various authentication methods, their strengths, and weaknesses. It underscores the significance of adopting a multi-factor approach to enhance the security of online accounts.

FAQs

Which authentication method is most secure?

1. Biometric Authentication Methods. Biometric authentication relies on the unique biological traits of a user in order to verify their identity. This makes biometrics one of the most secure authentication methods as of today.

What are the three main types of authentication techniques?

Authentication factors can be classified into three groups: something you know: a password or personal identification number (PIN); something you have: a token, such as bank card; something you are: biometrics, such as fingerprints and voice recognition.

What is the strongest security authentication?

Most Secure: Hardware Keys

External hardware keys, like Yubikeys, are among the strongest authentication factors available. Also called FIDO keys, they generate a cryptographically secure MFA authentication code at the push of a button.

Which of the three factors of authentication is most secure?

3FA access might require a system login that requires a PIN, OTP and fingerprint scan. Although 3FA is generally considered more secure, if poorly implemented, a system that uses 2FA could be more secure -- as two stronger, well-implemented factors are more secure than three weak authentication factors.

Which is the weakest authentication method?

Passwords are considered to be the weakest form of the authentication mechanism because these password strings can be exposed easily by a dictionary attack. In this automated framework, potential passwords are guessed and matched by taking arbitrary words.

What is the least secure authentication method?

Password Authentication Protocol (PAP)

While common, PAP is the least secure protocol for validating users, due mostly to its lack of encryption. It is essentially a routine log in process that requires a username and password combination to access a given system, which validates the provided credentials.

What are the best authentication methods?

After traditional password-based login, Multi-Factor Authentication is the most trusted authentication mechanism. For improved security, password-based traditional authentication and Multi-Factor Authentication methods are usually used simultaneously.

Which is the strongest authorization mechanism?

Inherence is considered the strongest authentication factor because it asks users to confirm their identity by presenting evidence inherent to unique features. Common inherence factor examples include biometrics like fingerprint scans, retina pattern scans, and facial recognition.

What is the most secure authentication method for Web?

Cookie- or token-based authentication is best for web-based applications. API-token authentication is better than cookie-based authentication to support both web and mobile.

Is there a 100% secure system?

Measuring security effectiveness.

Because there is no such thing as being 100% secure, relying on the lack of cyber attacks as a key measurement of an organization's security posture doesn't make sense.

What is the most popular user authentication?

1. Password-based authentication. Also known as knowledge-based authentication, password-based authentication relies on a username and password or PIN. This is the most common authentication method; anyone who has logged in to a computer knows how to use a password.

What is a strong authentication?

Strong authentication is a way of confirming a user's identity when passwords are not enough. Most companies demand proof before allowing access to digital assets. You might ask users to type in a password or respond to a quick quiz before you open the gates.

What is the highest level of authentication?

Level 4: the highest level, requires the highest practical level of assurance. This is based on proving possession of a key through a cryptographic protocol, and only hard cryptographic tokens are used, rather than software-based tokens.

Which is the most powerful authentication method among the four?

The strongest authentication method is EAP-Transport Layer Security (EAP-TLS), which is used in certificate-based wireless networks.

Is 2FA or MFA more secure?

Technically, MFA is more secure than 2FA because you can use more than one additional authentication method aside from your username and password. Of the four different types of authentication factors, MFA also requires that each factor you use be a different type.

What is secure authentication method?

Authentication: Typically, users prove they are who they say they are by entering a password (something only the user is supposed to know), but to strengthen security, many organizations also require that they prove their identity with something they have (a phone or token device) or something they are (fingerprint or ...

Author: Gregorio Kreiger
