2FA is one of the security mechanisms that has been gaining ground in recent years; it adds an extra layer of security to traditional authentication and authorization systems.
Traditional Authentication
Every day we use services on the Internet: we read news, check our email and browse our social networks using our digital accounts.
Digital accounts are nothing more than an abstraction of a personal identity on a certain service that we want to access. Generally, digital accounts are associated with a username, a verified email and finally a password.
In this way, the system being accessed understands that it is dealing with a user who knows the secret, also known as the password, and grants authorization to enter and work with its services, update information, etc.
The problem with this authentication mechanism is that over the last few years it has become obsolete and very incomplete, since a large number of security measures must be implemented to control the different attack vectors.
Among the most effective computer attacks against this type of user-and-password authentication, we can mention the attacks known as Brute Force, based on password and user dictionaries.
This attack consists of using automated tools that send every possible combination, and each of the words in the dictionary used, to the authentication forms until the correct credentials are found and the attacker is able to access the system as if they were a valid user.
Social Engineering attacks are also often used, relying on OSINT (Open Source Intelligence) tools (I will write about OSINT-related topics later on in the blog). This consists of searching social networks or any Internet source for specific information about people in order to infer and collect information. In this case, social networks play a very important role, since they are a constant source of personal information. After collecting all the data, a profile is created with preferences and important data such as dates, name, etc., and finally a dictionary is created with the possible passwords to test.
There are many examples of companies on the Internet where attackers managed to obtain users' digital accounts using these types of simple techniques. Without going any further, Web projects that use the most well-known CMSs, such as WordPress, Joomla!, Drupal or PrestaShop, do not implement an extra security measure in their authentication by default; they rely only on the entry and verification of a user and a password.
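The brute-force pattern described above, seen from the defender's side: a sliding-window detector that flags a burst of failed logins from one source and, more urgently, a successful login that follows such a burst. This is an added example, not code from the original post; the log format, the 5-minute window, the threshold of 5 and the sample lines are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # assumed sliding window
THRESHOLD = 5                   # assumed failures per source within WINDOW
# Constructed sample log; the "timestamp source user result" format is an assumption.
SAMPLE_LOG = """\
2024-05-01T10:00:00 198.51.100.20 alice FAIL
2024-05-01T10:00:30 198.51.100.20 alice OK
2024-05-01T10:01:00 203.0.113.7 admin FAIL
2024-05-01T10:01:02 203.0.113.7 admin FAIL
2024-05-01T10:01:04 203.0.113.7 root FAIL
2024-05-01T10:01:06 203.0.113.7 admin FAIL
2024-05-01T10:01:08 203.0.113.7 admin FAIL
2024-05-01T10:01:10 203.0.113.7 admin FAIL
2024-05-01T10:01:12 203.0.113.7 admin OK
"""

def detect(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return alerts as (kind, source, user, failures_in_window) tuples."""
    failures = defaultdict(deque)   # source -> timestamps of recent failed logins
    alerted = set()                 # sources already reported for the current burst
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                # skip blank or malformed lines
        stamp, source, user, result = parts
        now = datetime.fromisoformat(stamp)
        recent = failures[source]
        while recent and now - recent[0] > window:
            recent.popleft()        # drop failures that fell out of the window
        if not recent:
            alerted.discard(source) # burst is over; allow a fresh alert later
        if result == "FAIL":
            recent.append(now)
            if len(recent) >= threshold and source not in alerted:
                alerted.add(source)
                alerts.append(("bruteforce", source, user, len(recent)))
        elif result == "OK" and len(recent) >= threshold:
            # A success right after a burst of failures: credentials were likely guessed.
            alerts.append(("success_after_failures", source, user, len(recent)))
            recent.clear()
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The single mistyped password from `alice` produces no alert, while the second source triggers both alert kinds; the second kind marks an account whose password should be treated as compromised.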
What is 2FA or two-factor authentication?