Two-factor authentication (2FA) explained

Greater security through two-factor authentication

Many online services now offer procedures that let account holders identify themselves in addition to, or as an alternative to, entering a password when they log in to their account. Two-factor authentication (2FA) is available in several variants. The hardware-supported procedures offer a high level of security, and it is recommended to use them in addition to a strong password.

Explanation of terms

Authentisierung or Authentifizierung?

In common parlance, the German terms Authentisierung and Authentifizierung, both usually translated into English as "authentication", are often used interchangeably. However, they describe different sub-processes of a login procedure.

A user proves their identity to a system using unique login information (e.g. password); in German, the user AUTHENTISIERT themselves. The system checks the validity of the specified data; in German, it AUTHENTIFIZIERT the user.

Log-in with a second factor

You want to log in to your account: as usual, you start by entering a good password. The system then checks your details and, if applicable, confirms that the password was entered correctly. However, this does not yet take you to the contents of your account but to a further hurdle, which prevents unauthorized persons from gaining access to your account if they come into possession of your password.

Many two-factor systems use external systems to carry out the second stage of verification after the password request. For you, this means that the provider you are logging in to will send a confirmation code to another of your devices, e.g. by text message to your smartphone.

However, other things can also serve as the second factor:

  • your fingerprint on a corresponding sensor
  • the use of a USB token / chip card

Only after this identity confirmation will you be able to access the requested content.
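
The two-step flow described above, as an added example (not code from this page or from any provider): a correct password only opens a challenge, and access is granted only once the code sent to the second device has been confirmed. The class and function names, the five-minute validity and the three-attempt limit are assumptions.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300   # assumed: seconds a confirmation code stays valid
MAX_TRIES = 3    # assumed: wrong codes tolerated per challenge

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class TwoStepLogin:
    def __init__(self, users, send_code, now=time.time):
        self.users = users          # name -> (salt, password hash)
        self.send_code = send_code  # hypothetical out-of-band channel, e.g. SMS
        self.now = now
        self.pending = {}           # name -> [code, expires_at, tries_left]

    def step1_password(self, name, password):
        """Knowledge factor: success only opens a challenge, not the account."""
        salt, stored = self.users.get(name, (b"\0" * 16, b""))
        if not hmac.compare_digest(hash_password(password, salt), stored):
            return False
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[name] = [code, self.now() + CODE_TTL, MAX_TRIES]
        self.send_code(name, code)  # delivered to the user's other device
        return True

    def step2_code(self, name, submitted):
        """Possession factor: returns a session token, or None on failure."""
        entry = self.pending.get(name)
        if entry is None:
            return None             # no password check has succeeded yet
        code, expires_at, tries_left = entry
        if self.now() > expires_at or tries_left <= 0:
            del self.pending[name]  # expired or exhausted: start over
            return None
        if not hmac.compare_digest(code.encode(), submitted.encode()):
            entry[2] -= 1
            return None
        del self.pending[name]      # a code is accepted only once
        return secrets.token_urlsafe(32)

def demo():  # constructed sample account; the "SMS" is captured in a dict
    salt, sent = b"constructed-salt", {}
    users = {"alice": (salt, hash_password("correct horse", salt))}
    login = TwoStepLogin(users, sent.__setitem__)
    login.step1_password("alice", "correct horse")
    return login.step2_code("alice", sent["alice"]) is not None
```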

It is important that the factors come from different categories, i.e., as required by PSD2, a combination of knowledge (e.g. password, PIN), possession (e.g. chip card, TAN generator) or biometrics (e.g. fingerprint).

Some procedures combine different factors with each other, so the factors are not queried one after the other but at the same time. Example: the online ID function of an ID card combines the factor “possession of chip card” with the factor “knowledge of PIN”. Authentication with the service provider only takes place with this combination.

Use of these security procedures

  • Online banking: Login with password + additional confirmation of each transaction with pushTAN or, in the case of card-based systems, e.g. with chipTAN, HBCI.
  • Debit or credit card payment: The two factors – the chip in the credit card as the “possession” factor and the PIN as the “knowledge” factor – legitimize the transaction.
  • Online ID function of the ID card: The chip in the ID card must first be released by entering the PIN, after which the data is transmitted. After mutual authentication between the ID card and the service provider, the read data is transmitted to the service provider with end-to-end encryption.
  • Tax return: You can also submit your tax return digitally using ELSTER. You can log in using a password-protected software certificate or the online ID function of your ID card.
  • Cloud or email providers, social media platforms: Apply two-factor authentication as soon as your online service provider allows it: e.g. secure log-in with password and mTAN or an OTP from an authenticator app.