What is two-factor authentication (2FA)?

CosmoLex Team

You are here:

Meant to be used as a supplement to passwords, two-factor authentication provides increased security to prevent unauthorized access to account logins. Also known as 2FA, this method adds another layer onto the login process to verify the user’s identity.

Two Factor-Authentication-Methods

What it does

Two-factor authentication is essentially proving that the person who is trying to gain access to an account is truly who they say they are. In the age of data breaches, usernames and passwords can become compromised[1]. By activating a requirement for 2FA when logging in, users are required to provide two pieces of information before being able to gain access to their account.

How it works

Two-factor authentication requires users to have two out of three things:

  • Something you know: typically a PIN number of a password
  • Something you have: such as access to an alternate email address or your phone
  • Something you are: biometrics such as an eye or fingerprint scan

With today’s technology, the most common combination utilized is something you know and something you have. You’ll frequently see this on sites where during the login process you’re prompted to type in a code that has been sent to your phone or email account.

While certain applications such as those run by banks have this in place automatically, not every service does.  For applications, programs and devices containing client information, implementing 2FA is a reasonable effort to take in order to ensure the confidentiality of their data. To stay secure, lawyers should enable two-factor authentication manually as needed wherever possible[2].

You can see which of the services you utilize has two-factor authentication as an option here[2]: https://twofactorauth.org/

To learn more about how to enable two-factor authentication, take a look at this article by PCMag: Two-Factor Authentication: How to Set It Up


References

1. Why You Should Drop Everything and Enable Two-Factor Authentication Immediately
2. 5 Cybersecurity Steps You Should Already Be Taking