
Authentication 4/7: 2FA or MFA

This article of the Authentication series explains how 2FA/MFA makes it harder for an attacker to pass identity verification, and walks through how 2FA works with a code example.

Pravinkumar Singh
4 min read · Oct 13, 2023

2FA (Two-Factor Authentication) is a security mechanism that adds an extra layer of protection to password-based identity verification. It requires users to provide two distinct forms of identification before they can access their accounts, which makes it much harder for an intruder who has obtained the password alone to gain unauthorized access. When another factor is added on top of 2FA, it becomes MFA.

The first factor is usually the traditional password, which is something the user knows, like cooldude1990. The second factor, on the other hand, is a unique piece of information or item that only the user would have access to: an OTP, a PIN, a fingerprint or facial recognition.

Before 2FA, logins relied on a simple password-based method. This was vulnerable to various attacks such as brute force, phishing, and keylogging. 2FA is derived from Multi-Factor Authentication (MFA).

Different Types of Additional Factors

Assuming the first factor is your password, all possible additional factors are as follows:

1. Something You Have

Hardware Tokens: These are small physical devices (like a USB key) that generate a one-time passcode (OTP) which changes every 30–60 seconds.

Software Tokens: These are applications or programs that generate an OTP, e.g. Google Authenticator.

SMS/Email: The system sends an OTP to the user’s registered mobile number or email address.

2. Something You Are

Fingerprint Scanning: User’s unique fingerprint pattern, used on smartphones and laptops with built-in fingerprint sensors.

Facial Recognition: Unique features of the user’s face, as with Apple’s Face ID.

Voice Recognition: Unique characteristics of the user’s voice serve as the second factor.

Iris/Retina Scanning: Unique patterns in the user’s eyes; this is one of the most secure biometric methods.

3. Something You Know

PINs: Personal Identification Number (PIN)

Security Questions: The user answers pre-set security questions.

Passphrases: These are similar to passwords but are typically longer and more complex.

Usage

2FA is used in various sectors such as banking, healthcare, and IT, where securing user data is very critical. It’s also becoming increasingly common in personal use, such as email accounts and social media platforms, to protect personal data from being stolen or misused.

Working

To understand how 2FA works, let’s take a real-world example of logging into an online banking account with the State Bank of India (SBI). The process involves two distinct steps, each requiring a different form of authentication.

Here’s the step-by-step process:

  1. First Factor — Username and Password: The user visits the SBI online banking portal and enters their username and password. This is the first factor of authentication — something the user knows.
  2. Second Factor — One-Time PIN (OTP): Upon successful verification of the username and password, the system triggers a One-Time PIN (OTP) that is sent to the user’s registered mobile number. This is the second factor of authentication — something the user has. The OTP is a unique code that is valid for a short duration and can be used only once.
  3. OTP Verification: The user then enters the received OTP in the online banking portal. If the OTP matches the one sent by the system, the user is granted access to their account.

(Image by Pravinkumar Singh)

Let’s illustrate how 2FA works with a simple code example:

# Import the necessary libraries
import hmac
import secrets
import smtplib

# Replace these placeholders with the email account the OTP will be sent from
SENDER_EMAIL = "Your Email"
SENDER_PASSWORD = "Your Password"

# Stand-in for the stored user credentials the article assumes exist
USERS = {"pravin@mail.com": "cooldude1990"}


# Function to validate the first factor: email and password
def validate_email_password(email, password):
    stored = USERS.get(email)
    # Constant-time comparison so the check does not leak how many characters match
    return stored is not None and hmac.compare_digest(stored, password)


# Function to generate and send OTP
def send_otp(email):
    # Generate a 6-digit OTP with a cryptographically secure generator
    otp = secrets.randbelow(900000) + 100000

    # Set up the SMTP server
    server = smtplib.SMTP('smtp.gmail.com', 587)

    # Upgrade the connection to TLS before sending credentials
    server.starttls()

    # Login to the email account from which the OTP will be sent
    server.login(SENDER_EMAIL, SENDER_PASSWORD)

    # Create the OTP message (the Subject header and blank line make it a well-formed email)
    message = 'Subject: Your 2FA OTP\n\nYour OTP for 2FA verification is ' + str(otp)

    # Send the email with the OTP to the user's email
    server.sendmail(SENDER_EMAIL, email, message)

    # Close the SMTP server
    server.quit()

    # Return the OTP so it can be used for verification
    return otp


# Function to handle the login process
# (In a real application the OTP is collected in a second request after it has
# been sent; the example keeps both steps in one call for simplicity.)
def login(user_email, user_password, user_otp):
    # Check the provided email and password against the stored user credentials
    if validate_email_password(user_email, user_password):
        # If the email and password are valid, an OTP is generated and sent to the user's email
        sent_otp = send_otp(user_email)

        # Check if the OTP entered by the user matches the sent OTP
        # (compare as strings: the user types the code, send_otp returns an int)
        if hmac.compare_digest(str(sent_otp), str(user_otp).strip()):
            # If the OTPs match, the login is successful
            return 'Login Successful'
        else:
            # If the OTPs don't match, return an error message
            return 'Invalid OTP'
    else:
        # If the email or password is not valid, return an error message
        return 'Invalid Email or Password'
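The snippet above returns the OTP from `send_otp` and compares it immediately, so the two properties stated in step 2 of the Working section, that the OTP is valid for a short duration and can be used only once, are never enforced. The following Python is an added example, not the article's own code, of the server-side bookkeeping that enforces them for a delivered (SMS/email) OTP: the code is generated with `secrets`, only a salted hash of it is stored, and every challenge carries an expiry time, an attempt budget and a used flag. The `OtpService` class, the `send` and `clock` callables, the 120-second validity window and the 3-attempt limit are all assumptions of this example; `send` stands in for the SMS or email gateway, and `clock` is injectable so expiry can be exercised without waiting.

```python
"""Server-side life cycle of a delivered OTP (SMS/email): short validity,
single use, and a bounded number of guesses.
Added illustration with an in-memory store; not the article's own code."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict

OTP_TTL_SECONDS = 120   # assumed validity window
MAX_ATTEMPTS = 3        # assumed guess budget before the challenge is voided


@dataclass
class OtpChallenge:
    otp_hash: bytes          # only a salted hash is stored; the clear code goes to the user
    salt: bytes
    expires_at: float
    attempts_left: int = MAX_ATTEMPTS
    used: bool = False


def _hash_otp(otp: str, salt: bytes) -> bytes:
    return hashlib.sha256(salt + otp.encode()).digest()


class OtpService:
    """Issues one challenge per user and verifies submitted codes.
    `send(user, otp)` delivers the code; `clock()` returns the current time."""

    def __init__(self, send: Callable[[str, str], None],
                 clock: Callable[[], float] = time.time):
        self.send, self.clock = send, clock
        self.challenges: Dict[str, OtpChallenge] = {}

    def issue(self, user: str) -> None:
        otp = str(secrets.randbelow(10 ** 6)).zfill(6)   # secure 6-digit code
        salt = secrets.token_bytes(16)
        self.challenges[user] = OtpChallenge(
            _hash_otp(otp, salt), salt, self.clock() + OTP_TTL_SECONDS)
        self.send(user, otp)      # the clear code leaves the server here and is not kept

    def verify(self, user: str, submitted: str) -> str:
        ch = self.challenges.get(user)
        if ch is None or ch.used:
            return "no active otp"          # single use: a consumed code is never accepted again
        if self.clock() > ch.expires_at:
            del self.challenges[user]
            return "expired"                # short validity: the user must request a new code
        ch.attempts_left -= 1
        if hmac.compare_digest(_hash_otp(submitted, ch.salt), ch.otp_hash):
            ch.used = True
            return "ok"
        if ch.attempts_left == 0:
            del self.challenges[user]       # guess budget exhausted: void the challenge
            return "too many attempts"
        return "invalid"


if __name__ == "__main__":
    # Demo delivery channel: print the code instead of sending an SMS/email
    service = OtpService(send=lambda user, otp: print(f"to {user}: your OTP is {otp}"))
    service.issue("pravin@mail.com")
    print(service.verify("pravin@mail.com", input("enter OTP: ")))
```

Storing only a salted hash means a database read or a log leak does not hand out live codes, and the attempt budget keeps a six-digit space from being exhausted by repeated guesses within the validity window.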
