Use Two Factor Authentication

Use Two Factor Authentication

The online world is a dangerous place, the need for user authentication methods other than just the traditional username and password combinations has become critical to enhance your online security.

Two Factor Authentication (2FA), also known as Multi-Factor Authentication (MFA) or 2-Step Verification adds an extra layer of security to your account in case your password is compromised.

When using Two Factor Authentication first when logging in a user enters their username and a password as normal, but instead of immediately gaining access, they will be required to provide another piece of information (the second factor).

This second factor could come from one of the following categories:

Something you know: This could be a personal identification number (PIN), a password, answers to "secret questions" or a specific keystroke pattern

Something you have: Typically, a user would have something in their possession, like a credit card, a smartphone, or a small hardware token

Something you are: This category is a little more advanced, and might include biometric pattern of a fingerprint, an iris scan, or a voice print

A good example of two factor authentication is something most of us familiar with, withdrawing cash from a cash machine or ATM (Automatic Teller Machine). Two things are required for a withdrawal to be approved by your bank, your valid credit or debit card (Something you have), and your 4-digit PIN (Something you know).

Common Types of Two Factor Authentication in use today include;
Hardware Tokens are small, similar to a key fob and produce a new numeric code every 30-seconds, when a user tries to access their account, they look at the device and enter the displayed 2FA code into the site or app. Some have the ability to automatically transfer the 2FA code when plugged into a computer's USB port.

SMS Text-Message and Voice-based 2FA interact directly with a user's phone, when a user tries to access their account the site or app sends the user a unique OTP (one-time pass code) via a text message or automatically calls a user and delivers the OTP code by audio. This is considered to be the least secure way to authenticate users but any 2FA must be better than none.

Software Tokens are software-generated, time-based, one-time pass codes and are the most popular form of two factor authentication. Users install a 2FA app on their smartphone or desktop and use the app with any site or app that supports this type of authentication. When a user tries to access their account, the app displays a 2FA code similar to that produced by Hardware Tokens. The user then enters the displayed 2FA code into the site or app. Apart from 2FA Apps being available for desktop, mobile and wearable platforms some even work offline.

Push Notifications for 2FA are more user-friendly, websites and apps send the user a push notification that an authentication attempt is in progress, the device owner simply views a notification details and can approve or deny access with a single touch with no additional interaction required.

We recommend the Software Token 2FA approach, there are many authenticator apps to choose from including apps produced by Apple, Google and Microsoft. Our preference is Authy which we recommend as it works on all of our devices, integrates with Bitwarden password manager and it allows multiple devices.

Visit the Authy website for details.

Related Posts


30 May 2023
This release continues Joomla 4’s high standards in accessible web design, highlighting Joomla's values of inclusiveness, simplicity and security into an even m...
02 May 2023
The main feature of the Joomla 4.3.1 release is Guided Tours. There are already 2 articles regarding Guided tours. The first is an introduction to the tours det...
18 April 2023
The main feature of this stable release is Guided Tours.There are already 2 articles regarding Guided tours. The first is an introduction to the tours detailing...


For promoting your brands, products or services, sharing news, or simply communicating with your site visitors we can produce branded fully responsive email templates....
A new website design can be applied to an existing website, or a new website is created and existing databases, content and graphics are imported as required.
Production of website logos from existing designs, optimise existing logos for website use, or design new logos for use on your website.

We provide remote on demand and routine Website Development, Website Maintenance, Website Support, Website Marketing and Website Hosting services to both end users and web design studios alike all over the world.

Latest statistics.
Websites and Projects
Support Tickets
Ticket Replies

CONTACT US via our online form if you need help with your website or hosting, or wish to discuss a new project and need some advice and we will get back to you with the available options.