Is two factor authentication not enough?

What is Two Factor Authentication: Before we discuss that two factor authentication is enough or not, we have to know that what is two factor authentication, We can call it to two step verification also.

As we all know that we have to log on a website to perform some specific action on that website, to get logged in we have to enter a unique user id and password. By entering just only user id and password is called one factor authentication. This is not enough to control digital crime and internet fraud. Two factor authentication is an extra layer of security, that required a something else than username and password.

After entering username and password, When we provide some extra piece of information like security questions and one time password to perform an action that is only known by a person that the account is related to it is called two factor authentication. When a person initiates an online transaction, he has to enter a security code immediately and can be used once that is sent over his registered mobile and email to validate that he is the original person to make that transaction, It prevent from the online fraud, phishing and other malware attacks. In these days all of the Banks and popular websites (like Facebook, Google, Twitter, Apple) uses two factor authentication to validate that a valid authenticated user using that account. A Two Factor Authentication can be in various forms for various platforms like USB token, Biometrics (fingerprint scanners), Message over the cell phone (otp), Keychain token, Email Verification and many more.

As we discussed that we have to provide information immediately in two factor authentication, but sometimes due to network issue, it may take long time to receive otp or email that can be the cause of session timeout.

We can say that two factor authentication is the answer to our authentication needs, But as the technology is increasing rapidly and the latest cyber attack on Three’s Customer Upgrade Database raise a question that two factor authentication is also not enough to keep users data confidential. Three is a US Based mobile Company, which customers database was accessed after using an employee login by hackers. Three admitted that Millions of customer’s information (includes their Name, Addresses, Phone numbers, Date of Birth) were stolen by hackers.

As the conclusion of these attacks we can say that we can’t truly rely on two factor authentication.

Request your quote at