Activate 2FA security - Step by Step Guide for Cryptocurrency exchanges and Online services

Two-factor authentication (2FA), also known as two-step verification (TFA), is a security mechanism in which the user supplies a second authentication factor to prove that they really are who they claim to be. 2FA can be contrasted with single-factor authentication, e.g. a password alone, a security process in which the user provides just one factor.

Brief about 2FA

2FA is also called multi-layer authentication since there is more than one layer of authentication input. Two-factor authentication adds another layer of security and makes it harder for attackers to access an individual's devices and online accounts, because knowing the victim's password is not sufficient to pass the authentication check. Two-factor authentication has long been used to control access to very sensitive systems and information, and online services are introducing 2FA to prevent their users' information from being accessed by hackers who have stolen passwords or obtained them through phishing campaigns.

The ways in which someone can be authenticated normally fall into three categories, known as the factors of authentication:
  1. Knowledge factors: something the user knows, like a password, PIN or shared secret.
  2. Possession factors: something the user has, like an ID card, security token or a smartphone.
  3. Inherence factors: something the user is, commonly a biometric such as a retina scan or fingerprint.
Some systems add location or time as further factors: for instance, users can be required to authenticate from specific places, or during specific time windows.

Even if the user enters another shared secret along with the password, it is still considered single-factor authentication. This is because the password and the shared secret both belong to a single authentication factor, knowledge.

As far as SFA (Single-Factor Authentication) methods go, user ID and password are not the most secure. One problem with password-based authentication is that it requires knowledge and diligence to create and remember strong passwords. Passwords need protection from many internal threats, such as carelessly stored sticky notes with login credentials, old hard disk drives, and social engineering. Passwords are also exposed to external threats: attackers generally use brute force, dictionary or rainbow table attacks, and given sufficient time and resources they can usually breach password-based security. Passwords have nevertheless remained the most common form of SFA due to their cost-effectiveness, ease of implementation and familiarity.

Google Authenticator as 2FA

Google Authenticator is the most common form of 2FA used in the crypto community and on crypto exchanges. It uses the Time-based One-time Password Algorithm (TOTP) and the HMAC-based One-time Password Algorithm (HOTP) to authenticate users. TOTP, being time-bound, is the safest of the available options. Another common method of 2FA is SMS, where a unique OTP (One Time Password) is sent to the user's mobile number.

2FA introduces an extra security layer between the attacker and critical operations such as confirmations when withdrawing funds or cryptos, password changes, API key creation, and logins. Once enabled, Google Authenticator provides an extra set of numeric codes (generally 6 digits) tied exclusively to an individual's account, generated using the Time-based One-time Password Algorithm (TOTP).

[Image: A 6-digit code is generated every minute with Google Authenticator]

The code is generated from three key ingredients:

  1. A shared secret (a sequence of bytes), generally displayed as a QR code on exchanges.
  2. An input derived from the current time, i.e. your phone's clock, which needs to be accurate.
  3. A signing function, generally HMAC-SHA1.

[Image: Binance 2FA enable screen, sample data]

We explain the process using the Binance exchange. Do not use the code in the picture above; it is shown for reference only.
  1. Download the Google Authenticator app from the Play Store and scan the code displayed in the image above.
  2. Note the backup key on safe media so you can recover your Google Authenticator in case your phone is lost.
  3. In the last step, enter your key from step 2, your login password, and the Google Authenticator code from your phone. This enables 2FA for your account.
The process is the same on all systems that support Google Authenticator.

Hardware tokens are also available for 2FA, and they have their own way of generating second-factor codes, but not all websites support them because of the entry cost to the end user. Google Authenticator, being free to download, is preferred by most crypto platforms, e.g. exchanges and ICO registration portals.

Be safe

Finally, make sure you back up your key. Write it down on paper kept somewhere safe, and enable Google Authenticator on your old smartphone as a second backup device. Keep your Google Authenticator codes safe and be safe!


Photo credit: Pablo, Unsplash


Mandar is a seasoned software professional with more than a decade of experience. He is a Cloud, AI, IoT, Blockchain and Fintech enthusiast. He writes so that others can benefit from his experiences. His overall goal is to help people learn about Cloud, AI, IoT, Blockchain and Fintech and the effects they will have economically and socially in the future.
