Signing in to a service

Multi-factor authentication using a code generator

A code is generated on a device and entered into a computer.

Description

Multi-factor authentication adds an extra layer of security to allow access to data. Passwords can be guessed or stolen, so requiring extra information increases the confidence that access to data should be allowed.

In this type of multi-factor authentication, a user must enter a code generated by an app or a device before data access is permitted. The code is specific to the user and their device. It’s also single use, and expires after a short amount of time. For example, a user can setup multi-factor authentication on their email account and use an authenticator app for generating codes.

Advantages

  • It makes it more difficult for an unauthorized person to access user’s data or devices
  • If one security factor is compromised or broken, the attacker still has at least one more barrier to breach
  • It works without an internet connection

Limitations

  • Codes need to be backed up as the user upgrades their phone
  • It requires a generator app to be installed
  • Generator apps can be lost if something happens to the device
  • It doesn’t prevent phishing attacks

Examples