Two-Factor Authentication (2FA) FAQ

1. What is Two-Factor Authentication (2FA)?

Typically, when you log in to an app or your email account, you must provide a username and a single password. This is known as single-factor authentication.

Two-factor authentication (2FA) is a form of account log-in security that provides an extra layer of security by combining “something you know” (e.g. a password) with “something you have” (e.g. an SMS PIN via a smartphone) or “something you are” (e.g. a fingerprint).

2. Why do you need 2FA?

In today’s hyper-connected world, relying on a password-only log-in (single-factor authentication) is much too dangerous for the data security of your company and your clients.

On its own, the humble password is too easily:

  • Stolen
  • Guessed through brute force
  • Keylogged
  • Socially Engineered

As more and more personal information moves onto the cloud, consumers understand that 2FA is necessary to protect personal information while businesses understand that 2FA is one tool to help protect their data (and reputation).

2FA is a cost-effective and easily implemented method to guard against digital threats.

3. What exactly are the two levels of authentication in 2FA?

2FA requires two of the three following pieces of information for account log-ins:

  • Something you know (e.g. a PIN, password)
  • Something you have (e.g. ATM card, USB stick, smartphone)
  • Something you are (e.g. biometrics, fingerprint, voice print, retina)

The majority of 2FA applications combine factors #1 (a password) and #2 (an SMS PIN sent to a smartphone). The “something you are” factor (e.g. biometrics) is typically a costlier method.

4. What are some examples of a 2FA log-in?

Using the base case that the first factor required in a log-in is your password, the second factor in 2FA could be one of the following:

  • A 6-digit one-time password (OTP) sent via SMS to a user’s smartphone, sent to a user’s email account, or generated by an authenticator app (e.g. Google Authenticator)
  • An 8-digit number created by a hardware token (e.g. USB, fob)
  • A challenge-response confirmation previously saved on the authentication server (“Mother’s maiden name”)

5. How does 2FA help organizations comply with regulatory mandates in the US?

2FA helps healthcare, financial, government and consumer-facing organizations operating in the US meet the regulatory requirements of creating security protocols to ensure the privacy and protection of sensitive data.

In detail, some key regulatory mandates include:

  • Payment Card Industry Data Security Standard (PCI DSS)
  • Health Insurance Portability & Accountability Act (HIPAA)
  • Federal Financial Institutions Examination Council (FFIEC)

6. How does 2FA help organizations comply with regulatory mandates in the EU?

In the EU, the major regulatory requirement for creating security protocols to ensure the privacy and protection of sensitive data is the European Union Data Protection Directive.

GAuthify FAQ

1. How much does 2FA cost?

GAuthify offers a number of 2FA packages to best meet the digital security requirements of your firm. Register with details of your use case to receive a quote.

2. How does the 30-day free trial work?

Following registration, one of our security experts will contact you and walk you through implementation options (varies by use case).

3. How long is the onboarding process?

For our enterprise packages, you will have a dedicated account manager and engineer assist in the implementation process.

Depending on the use case (features, number of users), GAuthify has a number of client libraries that can quickly be integrated with little effort (and very few lines of code); you’ll be amazed at how easy it is.

4. What programming languages does GAuthify support?

GAuthify has client libraries for a myriad of languages and frameworks, including Python, PHP, Ruby, JavaScript, golang, C# / .NET, Django, WordPress and more.