It is fundamental to protect our accounts on the Internet: social networks, email, shopping sites… In all these cases it is essential that passwords are protected and that intruders cannot get in. What methods do we have for this? Until now, the key was to use 2FA or two-step authentication. Is that enough? Many security experts think not and go a step further with the idea of protecting logins.
3FA, the new protection for online accounts
2FA or two-factor authentication basically means that you have to perform a second step to log in. For example, if you want to enter your Facebook account you will have to enter your password but also a code that you can receive by SMS, by email or through a specific application.
But what can we do to improve security? In recent times we have seen many attacks that have managed to break the defense of two-factor authentication or 2FA. This has raised alarm bells, as it has been shown that it is still possible for hackers to steal accounts. That is where 3FA, or three-step authentication, comes into play, which also represents an important novelty.
Until now, a hypothetical attacker could log in from his own device if he was able to steal the password and also the 2FA code. The idea of 3FA is to prevent that from happening by linking user authentication to a specific device or hardware token. In this way, the real user could only log in from the device they have selected.
To make this possible, a FIDO2-like deployment can be done directly on user devices. What it does is bind authentication to that computer and thus prevent an intruder from creating a new session from a different device. This is something that some providers already offer, such as Microsoft 365 and Okta.
What Microsoft does is only allow login through devices that have been added. Something similar happens with Okta, which also offers hardware tokens.
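The device-binding idea described above, as an added example that is not from the original article or from any provider's implementation: a server-side login check that requires a password, a one-time code and a proof computed with a key enrolled on one device. FIDO2 uses a public-key signature for that proof; this example substitutes an HMAC over a server-issued challenge so it runs with the Python standard library alone, and all account values and function names are constructed for illustration.

```python
import hashlib, hmac, secrets

# Constructed sample account; every name and value here is hypothetical.
SALT = b"constructed-salt"
PW_HASH = hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000)
OTP = "492817"      # stand-in for the current SMS/app code
DEVICES = {}        # device_id -> key enrolled on that device
PENDING = {}        # device_id -> challenge issued for the next login

def enroll_device(device_id):
    """Register a device; the returned key is kept on that device only."""
    DEVICES[device_id] = secrets.token_bytes(32)
    return DEVICES[device_id]

def new_challenge(device_id):
    """Issue a fresh single-use nonce so a captured proof cannot be replayed."""
    PENDING[device_id] = secrets.token_bytes(16)
    return PENDING[device_id]

def device_proof(device_key, challenge):
    """Runs on the device: proves possession of the enrolled key."""
    return hmac.new(device_key, challenge, hashlib.sha256).digest()

def login(password, otp, device_id, proof):
    """Return 'ok' only when password, OTP and device proof all verify."""
    challenge = PENDING.pop(device_id, None)   # consumed even on failure
    pw = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    if not hmac.compare_digest(pw, PW_HASH):
        return "bad password"
    if not hmac.compare_digest(otp, OTP):
        return "bad otp"
    key = DEVICES.get(device_id)
    if key is None or challenge is None:
        return "unknown device or no challenge"
    if not hmac.compare_digest(proof, device_proof(key, challenge)):
        return "bad device proof"
    return "ok"

def demo():
    key = enroll_device("laptop-1")
    proof = device_proof(key, new_challenge("laptop-1"))
    legit = login("correct horse", "492817", "laptop-1", proof)
    replay = login("correct horse", "492817", "laptop-1", proof)
    # Stolen password and OTP, but the other machine holds no enrolled key.
    forged = device_proof(secrets.token_bytes(32), new_challenge("laptop-1"))
    stolen = login("correct horse", "492817", "laptop-1", forged)
    return legit, replay, stolen
if __name__ == "__main__":
    print(demo())
```

With a correct password and one-time code, the login still fails when the proof is replayed or comes from a machine without the enrolled key.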
But this technology is currently very limited. It is not something that we can use on a regular basis, and it does not seem that this will change any time soon. However, everything indicates that in the future it may become commonplace as a way to keep intruders out and make it more difficult to steal an account.
Keep in mind that a hacker can quickly crack a password. It is essential to use passwords that are strong and secure, but also to rely on other methods. Today the best option to avoid intruders is still 2FA or two-step authentication. But in the future we will use 3FA routinely and our devices will be better protected.
In short, as you can see, although two-step authentication is still very useful for security, it has some gaps that a new technology, 3FA, is going to close, thereby improving security.