Primer on Two-Factor Authentication

Discussion in 'Linux Security' started by Eric Hansen, Sep 17, 2013.

  1. Eric Hansen

    Eric Hansen Moderator Staff Writer

    There’s been a lot of hype over the past few years (I even wrote some articles about incorporating it into various services), but what benefits do you gain from two-factor authentication, and should you actually use it? Let’s explore what two-factor is, how it benefits you and the issues you may experience.

    What Is Two-Factor Authentication (2FA)?
    Two-factor authentication (usually shortened to 2FA) essentially breaks down to this: 1) something you know and 2) something you have or can access. 2FA is used, for all practical purposes thus far, to authenticate a user into some system. The way it works is by requiring the person logging in as a user to not only know the account’s password but also have access to some device or even another account (e.g., a separate email). Without both pieces of information, logging in is virtually (though not completely) impossible.

    “Something you know” usually amounts to nothing more than a password. While it could in theory even be one of those security questions, it’s not as secure since that information is more readily available on the Internet these days thanks to Facebook and similar sites. “Something you have/can access” in more cases than not refers to your phone. Google Authenticator is a good example of this, but there are also other methods such as a fob (RSA SecurID uses these) as well as a USB key (YubiKey, for example).

    Benefits to 2FA
    1. Better access control. This is usually the reason people want to implement it somewhere down the chain: better knowledge of who is logging in and who is trying to. Some compliance requirements also demand 2FA these days for this fact alone.

    2. Removes most fake attempts. A lot of “hackers” these days like to make quick work of entry. If it takes them more than a few seconds to get in they will most likely want to skip your system because they want to show off their “skills” to their buddies as quickly as possible. Word also spreads that your system is too slow, not worth it, etc. It doesn’t deter everyone but it does a nice job.

    Cons of 2FA
    Only 2 benefits of 2FA, why use it? Well, there are more benefits to it but they basically just break down the two points made above to finer detail. There are costs of using 2FA as well, though.

    1. More time consuming. While this ties into #2 above, it also interferes with your own time. If you have to quickly log in to fix a (non) critical issue it can be more frustrating than anything.

    2. Possible to lock yourself out. If you don’t have a backup plan (which you should) in the event you can’t log in via 2FA, you could find yourself not able to log into the server and not be able to do your work. This is one reason why Google Authenticator provides emergency token numbers.

    3. If someone obtains your phone or account you’re back to square one. 2FA was intended to help circumvent false authentication. However, if someone can possess your phone or gain access to your email, then you run the risk again of having compromised authentication which is also a big issue for large corporations.


    Should I Use 2FA?
    As always, it ultimately depends on your needs. For some cases it’s over-paranoia more than anything, while sometimes you’re required. My personal way to gauge this type of matter is “if someone I didn’t know logged in to the server, would I truly care?” If it’s a testing VPN server, for example, I’m less keen to care. If it’s one of my KVMs then I’m highly concerned and would use it on the KVM server.


  2. Noel_one

    Noel_one New Member

    Hi Eric,

    Good to see you taking the time to elaborate on the pros & cons of 2FA rather than just promoting it as the greatest thing since sliced bread. May I suggest an additional con: much of 2FA is geared towards the availability of a mobile phone, either to receive text messages or to generate the token. For people who travel a lot and whose phone number at the destination is unknown for a while, or who have no roaming service, 2FA can be a big pain.

    It has also been alleged to be the Achilles' heel that revealed a cyber attacker's 'identity' in one case. It is also a pain if you want to use Tor Browser to access your mail service.

    I was recently summoned by my sister, who is not very technical with computers, when she accidentally enabled 2FA in Hotmail. The amount of frustration and the hoops she had to jump through to log into her Hotmail account were enough for her to consider ditching Hotmail to go somewhere else. I was able to help her disable the 2FA.

    It is certainly not for everybody.

    Noel
