Nov 042012
 
 November 4, 2012  Posted by at 11:22 pm Not So Stupid Questions  Add comments

[To celebrate my first year of programming I will ask a ‘stupid’ questions daily on my blog for a year, to make sure I learn at least 365 new things during my second year as a developer]

This came up as a dev asked on twitter why twitter doesn’t have a two-factor authentication. Since a Twitter account is used to login to quite a few apps it really should be more secure. ¨
The dev was not the only one curios about that, many joined the conversation, and I even found somebody who had asked this on Quora:
Twitter: Why doesn’t Twitter offer two-factor authentication?

But what is two-factor authentication anyway?

A two-factor authentication is a way to authenticate using two or more out of three authentication factors. The factors are considered to increase the likeliness that the user is indeed who he/she claims to be (proving identity). Using several versions of one factor is not considered true multifactor authentication (two-factor authentication). The three factors are:
A knowledge factor
– something the user knows
Examples: password, security questions, username/email address etc.
A possession factor
– something the user has
Examples: tokens (mini-device tokens), magnetic stripe cards, soft tokens (SSL certificate), mobile phone (sms, NFC, apps, signatures), smart cards
An inherence factor
– something the user is
Examples: iris scan, fingerprint, voiceprint

  2 Responses to “Stupid Question 74: What is two-factor authentication?”

  1. I think the twitter tech architect who made this decision probably hedged the significance of a user profile’s security with the ease of service access. If a token is erased from a mobile phone or desktop browser, the user is faced with the annoying user experience task of re-authentication. This may subconsciously deter the user from using the service in general overtime.

  2. Thank you for this. I’ve been swamped last few weeks, have read this over and over, just haven’t had time to look into it. Thanks for bubbling the essence of this for us.

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)

What is 9 + 4 ?
Please leave these two fields as-is:
IMPORTANT! To be able to proceed, you need to solve the following simple math (so we know that you are a human) :-)