Iris Classon - In Love with Code
Copy-Paste developer | Get the book(s) Search blog Contact / About Categories Tags My first year of programming (Not so) Stupid Questions RSS Feed
Iris Classon
(Modified) Hugo Theme Diary by Rise
Ported from Makito's Journal.

© 2024 Iris Classon - In Love with Code
Copy-Paste developer | Get the book(s) Search blog Contact / About Categories Tags My first year of programming (Not so) Stupid Questions RSS Feed
- CATALOG -
    Iris Classon - In Love with Code

    Stupid Question 74: What is two-factor authentication?

    folder [Not So Stupid Questions]   label Not So Stupid Questions  

    [To celebrate my first year of programming I will ask a ‘stupid’ questions daily on my blog for a year, to make sure I learn at least 365 new things during my second year as a developer]

    .

    This came up as a dev asked on twitter why twitter doesn’t have a two-factor authentication. Since a Twitter account is used to login to quite a few apps it really should be more secure. ¨
    The dev was not the only one curios about that, many joined the conversation, and I even found somebody who had asked this on Quora:
    Twitter:Why doesn’t Twitter offer two-factor authentication?

    But what is two-factor authentication anyway?

    A two-factor authentication is a way to authenticate using two or more out of three authentication factors. The factors are considered to increase the likeliness that the user is indeed who he/she claims to be (proving identity). Using several versions of one factor is not considered true multifactor authentication (two-factor authentication). The three factors are:
    A knowledge factor
    – something the user knows
    Examples: password, security questions, username/email address etc.
    A possession factor

    • something the user has
      Examples: tokens (mini-device tokens), magnetic stripe cards, soft tokens (SSL certificate), mobile phone (sms, NFC, apps, signatures), smart cards
      An inherence factor
    • something the user is
      Examples: iris scan, fingerprint, voiceprint

      Comments

      Leave a comment below, or by email.
      Howard
      11/10/2012 9:11:25 AM
      I think the twitter tech architect who made this decision probably hedged the significance of a user profile's security with the ease of service access. If a token is erased from a mobile phone or desktop browser, the user is faced with the annoying user experience task of re-authentication. This may subconsciously deter the user from using the service in general overtime.
      Phenry
      4/9/2013 11:05:10 AM
      Thank you for this.  I've been swamped last few weeks, have read this over and over, just haven't had time to look into it.  Thanks for bubbling the essence of this for us.

    Last modified on 2012-11-04

    comments powered by Disqus