2FA - what it is and how to use it.


1) What is two-factor authentication meant for?


It is a security standard adopted by the community for more secure authentication in different systems. 2FA solves the problem of compromised passwords by adding a supplementary authentication step that uses ‘almost’ one-time passwords.


2) What is a one-time password? And why ‘almost’?


Many computers running the Windows operating system are infected with viruses. When you enter your password on such a computer, the attacker learns it together with the one-time password, but the one-time password is only valid for 30 seconds. Therefore, exchanges usually impose a 2-minute timeout after login before funds can be withdrawn from the balance. This is done so that an attacker cannot use the captured one-time password to cash out the balance of your account.


3) Does this mean that I can log in to the exchange from absolutely any PC without worrying about losing money?


No, 2FA is not a cure-all. There are viruses that perform automatic substitution: they replace the payment details very quickly. You will think that you are transferring the money as intended, but the transfer will go not to your details but to the address substituted by the virus.


4) OK then, how is 2FA technically implemented?


Two-factor authentication is a general approach; it can be implemented technically in various ways. Banks use one-time passwords sent to the customer by SMS. But this approach has a vulnerability: an attacker could obtain a copy of the victim's SIM card and intercept the SMS messages containing one-time passwords.


5) Oh no, there is always a vulnerability. What can we do about this?


There is an alternative 2FA solution: the Google Authenticator application. It generates one-time passwords directly on the user's device, i.e. on the phone. It is advisable to install the 2FA application on a separate device, not on the device used to log in to the exchange. This approach is more secure because the probability of both devices being infected is much lower. Extensive information about the practical use of the authenticator is available on the Internet.
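
Why the passwords from question 2 are only ‘almost’ one-time, shown as an added example that is not part of the original page: authenticator apps such as Google Authenticator compute codes with TOTP (RFC 6238), so the same code is produced for a whole 30-second window unless the server remembers that the window was already used. The `Account` class, its replay check and the 2-minute withdrawal hold are a hypothetical sketch of the server behaviour described above; the secret is the RFC test key, and clock-drift tolerance is left out.

```python
import hashlib
import hmac
import struct

STEP = 30            # seconds one code stays valid (the 30 seconds from question 2)
WITHDRAW_HOLD = 120  # seconds after login before withdrawals (the 2-minute timeout)


def totp(secret: bytes, now: float, digits: int = 6) -> str:
    """RFC 6238 code (HMAC-SHA1) for the 30-second window containing `now`."""
    counter = int(now) // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Account:
    """Hypothetical server-side state for one user."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_counter = -1   # last time window in which a code was accepted
        self.login_time = None

    def login(self, code: str, now: float) -> bool:
        counter = int(now) // STEP
        # Refuse a second login in a window that was already used: this makes
        # the 'almost' one-time code strictly one-time on the server side.
        if counter <= self.last_counter:
            return False
        if not hmac.compare_digest(code, totp(self.secret, now)):
            return False
        self.last_counter = counter
        self.login_time = now
        return True

    def may_withdraw(self, now: float) -> bool:
        # Withdrawals stay locked until the hold after the last login has passed.
        return self.login_time is not None and now - self.login_time >= WITHDRAW_HOLD


if __name__ == "__main__":
    acct = Account(b"12345678901234567890")  # RFC test secret, not a real key
    t = 59.0                                  # constructed timestamp
    code = totp(acct.secret, t)
    print(code, acct.login(code, t), acct.login(code, t + 0.5), acct.may_withdraw(t + 30))
```

A code captured on an infected PC is refused when replayed inside the same window and no longer matches once the next window begins.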