I have noticed a movement toward two step verification among the companies I do business with--my investment and bank accounts are prime examples--where in addition to entering a password, I also have to enter a six digit code that is either texted to me or is available by opening an app on my cell phone.
Is multi-step verification going to be a bigger part of our future online?
Single step authentication (Traditional system):-
The password is created when you register for that website for the first time, and every time you log in you need to remember the created password.
A password is a combination of letters and digits.
A strong password is a combination of at least one number, one capslock letter and one symbol with other letters and digits.
But it is not strong enough to secure the website.
It may be attacked by third parties, or the password can be easily cracked by attackers using various methods such as brute force attack, dictionary attack and keylogger attack.
Weak passwords:-
1) Anything that contains the word “password”, “admin”, “qwerty”, your name or variations of it.
2) Combinations of easy-to-guess numbers (“1234”, “1234567890”, “2016”, “0000”, “11111”).
3) Your spouse’s name, your children’s or pet’s name, or birth dates etc.
4) The default password that your service provider gave to you.
So we are shifting to 2-step authentication password verification:-
Two-Factor Authentication (2FA) is called multiple factor authentication because it adds more levels of security to the existing system.
2FA is a method of verifying your identity that adds a second layer of authentication in addition to your account password.
It reduces the chance of fraud, data theft or data loss.
Why is it important:-
Passwords have been the mainstream form of authentication since the start of the digital revolution.
Facts about the traditional system:-
1) 90% of passwords can be easily cracked in less than six hours.
2) 2/3 of people use the same password everywhere.
3) Cyber attackers have the power to test billions of passwords every second because of various available mechanisms and resources etc.
According to the study conducted by cybersecurity firm Symantec, 80% of data breaches could be eliminated/removed by the use of two-factor authentication.
Process of 2FA verification:-
1) When you want to sign into any of your accounts, you are prompted for a username and a password – that’s the first verification layer (first authentication step).
2) After successfully logging into the system, for a further level of security, it asks you to enter an email or mobile number to send the one-time password or Time-based One-time Password algorithm (TOTP).
3) The OTP is sent via offline message (SMS) or to the email that is provided by the user.
4) If it is successfully entered and verified by that website, you can then completely log in to the system.
5) Two-step verification will be requested for every login and at least once every 30 days.
6) Once the code is sent, the SMS verification code is valid for only 10 minutes. If you miss this timeframe, you can simply click on "Resend code" and you'll get a new, updated code sent via SMS or email.
7) The OTP is 4, 6 to 8 digits (example:- 2332, 533426 etc.).
2FA hardware tokens:-
Hardware tokens for 2FA are available that support different approaches to authentication.
One popular hardware token is YubiKey, a small USB device that supports
1) one-time passwords (OTP),
2) public key encryption and authentication and
3) the Universal 2nd Factor protocol developed by the FIDO Alliance.
The basic requirements of 2FA involve three different forms to identify and authenticate:-
1) Something you know (knowledge factor):- a PIN number, password or pattern.
2) Something you have (possession factor):- an ATM or credit card, mobile phone or security token such as a key fob or USB token, and
3) Something you are (inherence factor):- biometric authentication such as a voiceprint or fingerprint, or keystroke dynamics, typing speed and mouse movements.
Applications of 2FA verification:-
1) Internet Banking
2) Google Authenticator or any social media websites.
Two-factor authentication is a must-have for:
1) Online banking
2) Online shopping (Amazon, PayPal etc. – though it’s only available for a few countries)
3) E-mail (Yahoo, Outlook etc.)
4) Cloud storage accounts (Dropbox, Box, Sync etc.)
5) Accounts on social networks such as Facebook, Twitter, LinkedIn, Tumblr etc.
6) Productivity apps such as Evernote, Trello etc.
7) Password managers, e.g. LastPass etc.
8) Communication apps such as Slack, Skype, MailChimp etc.
Some scenarios that would allow an attacker to break the 2FA verification:-
1. They could gain access to it, meaning that they could steal your phone, your card, your token.
Text messages sent to your mobile phone can be easily identified.
2. Through the Man-in-the-Middle attack.
They could use a Trojan horse to change the communication between you and your web browser and launch the attack against 2FA.
Example:- Warcraft players use this approach.
3. Real-time phishing
Conclusion:- 2FA verification is more secure than single step authentication.