Information Security

When to use two-factor authentication

When to use 2FA

What is 2 factor authentication?

2 factor authentication (2FA) combines something the user knows (e.g. PIN, password, secret) with something the user owns (e.g. device or mobile phone).

SMS is an ideal channel for 2FA because it’s completely separate from your website or application. This is known as out-of-band authentication, and it’s a safer option than locally generated passwords within the application. It also makes hacking more difficult because two separate and unconnected authentication channels would have to be compromised for an attacker to gain access.

When is 2FA an ideal solution to protect customer identities?

There are many benefits to 2FA such as improved productivity, building trust, regulatory compliance and lessening the load on your IT department. Here are some use cases we have identified to help you better understand when you should implement 2 factor authentication.

Remote access to corporate networks. With today’s mobile workforce you might have remote users accessing your VPN (Virtual Private Network). A secondary authentication method, accessed on a simple mobile device, will help you achieve better security for your network.

Ecommerce sites. If your business requires users to share private payment information, personal details or loyalty points, 2 factor authentication will give your customers peace of mind and encourage brand loyalty. Implementing 2FA when it comes to tasks such as changing a password or completing a sale will keep even the most sophisticated hackers away.

App downloads. If a user is downloading your social media app, communication app or even a productivity app, it’s vital that you verify that it is in fact a legitimate user attempting to sign in, and not an unidentified source or an automated bot.

GO-JEK’s motorcycle app is Jakarta’s fastest door-to-door delivery service. GO-JEK uses SMS 2 factor authentication to verify mobile numbers when new users sign up via the app, an action that can’t be mimicked by a bot. Now, only legitimate users can sign up for their services, which has significantly cut down on fraudulent activities and increased the efficiency of the app. 

Financial transactions. Banks and other financial institutions use 2FA to verify transactions such as adding a recipient, changing payment details, and making payments. This extra level of authentication is a necessary precaution when dealing with sensitive data.

Cloud services. When it comes to cloud file sharing, email, gaming and more you want to keep your company’s information safe by offering your users the choice of 2 factor authentication.

Stored value services. Some of the things your users store electronically won’t necessarily have a currency value, but that doesn’t mean it’s not valuable. If transactions involving credits, tokens, virtual goods and virtual currencies aren’t verified you are exposing data to cyber threats.

Password recovery. Traditionally, if users forget their passwords, a series of personal questions are asked of them to regain access. These questions are based on answers that can easily be found on their social media profiles e.g. pet name. Using 2FA is a simple and safe way to verify user identity.

Choose an authentication solution now

If you’re responsible for protecting your company data and also the personal information of your customers, 2 factor authentication is a valuable and powerful security mechanism. Download Crash course in 2FA: the e-book for app developers to read more.

Explore other articles

Step into the future of business messaging.

SMS and two-way channels, automation, call center integration, payments - do it all with Clickatell's Chat Commerce platform.