Also known as “two-step verification” or “sign-in approval,” double authentication is a system designed to provide an extra layer of protection. It helps neutralize attacks aimed at obtaining the victim’s username and password.
Although a password is safer when it consists of at least ten alphanumeric characters, an attacker’s chance of obtaining it is still quite high: malware can steal the information directly, and in phishing it is users themselves who, under manipulation, hand it over. Lastly, many servers containing users’ sensitive information are vulnerable.
Double authentication significantly mitigates the risk of such attacks by using a code generated on users’ mobile phones. In accounts implementing this technology, users have to enter not only their access credentials (the first authentication factor), but also a second factor, which in most cases is a random access code, issued for each session and received via smartphone or security token. The advantage of this system is that a cybercriminal who manages to obtain the username and password will not be able to access the victim’s account without the second code or authentication factor.
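The flow described above, as an added example that is not part of the original guide: a minimal server that checks the password and then issues a fresh random code for that login session. The class and function names, the 120-second code lifetime and the sample account are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 120  # seconds a code stays valid (assumed value)

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AuthServer:
    def __init__(self):
        self._users = {}    # username -> (salt, password hash)
        self._pending = {}  # username -> (code, expiry) for the login in progress

    def register(self, username, password):
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, _hash(password, salt))

    def start_login(self, username, password, now=None):
        """First factor. Returns the code to send to the user's phone, or None."""
        now = time.time() if now is None else now
        salt, stored = self._users.get(username, (b"\0" * 16, b""))
        if not hmac.compare_digest(_hash(password, salt), stored):
            return None
        code = f"{secrets.randbelow(10**6):06d}"  # fresh random code per session
        self._pending[username] = (code, now + CODE_TTL)
        return code

    def finish_login(self, username, code, now=None):
        """Second factor. Any attempt consumes the pending code (single use)."""
        now = time.time() if now is None else now
        expected, expiry = self._pending.pop(username, ("", 0.0))
        ok = bool(expected) and now <= expiry
        return ok and hmac.compare_digest(code.encode(), expected.encode())

def demo():
    srv = AuthServer()
    srv.register("alice", "correct horse 42")  # constructed sample account
    # Stolen password, no phone: the guess is built to differ from the real
    # code so the outcome is deterministic.
    real = srv.start_login("alice", "correct horse 42", now=1000)
    guess = f"{(int(real) + 1) % 10**6:06d}"
    attacker = srv.finish_login("alice", guess, now=1001)
    # Account owner reads the code delivered to the phone, then it is replayed.
    code = srv.start_login("alice", "correct horse 42", now=2000)
    owner = srv.finish_login("alice", code, now=2010)
    replay = srv.finish_login("alice", code, now=2011)
    return attacker, owner, replay
```

`demo()` returns the outcome of three attempts: a correct password with a wrong code, a correct password with the delivered code, and a replay of that same code.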
Learning more about this technique and implementing it is quite useful considering that, according to a survey conducted by ESET in April 2013, 64.2% of Latin American users don’t know what double authentication is.
ESET Latin America’s Double Authentication Guide can be found at http://www.welivesecurity.com/wp-content/uploads/2014/01/guia-autenticacion-eset.pdf.