Two‑Factor Authentication (2FA)

Why in news?

With rising cases of password theft and online fraud, many organisations are adopting two‑factor authentication. Popular apps like Google Authenticator use time‑based one‑time passwords (TOTP) to add a second layer of security.

What is 2FA?

  • Definition: 2FA is a security method that requires two different types of evidence to verify a user—something the user knows (e.g., a password) and something the user has (e.g., a phone or hardware token).
  • Origins: Concepts of multi‑factor authentication date to the 1980s. In 2011 the Internet Engineering Task Force (IETF) introduced the TOTP standard, enabling interoperable one‑time passwords.

How it works

  • Step 1: The user enters a password as usual.
  • Step 2: An authenticator app or hardware device generates a time‑synchronised numeric code every 30 seconds. The server and device share a secret key and use cryptographic hash functions to generate identical codes.
  • Verification: If the user‑entered code matches the server‑generated code, access is granted.
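The steps above, as an added example that is not part of the original article: a server-side sketch of TOTP generation and verification following RFC 6238. The function names, the sample secret, the one-step clock-drift window and the `last_used` replay check are assumptions made for this illustration.

```python
import hashlib
import hmac
import struct
import time

# Constructed sample secret (the RFC 6238 SHA-256 test key); real secrets are random per user.
SAMPLE_SECRET = b"12345678901234567890123456789012"

def totp(secret, unix_time, step=30, digits=6, algo="sha256"):
    """Return the code for the time step containing unix_time.

    algo may also be "sha1" (the RFC 6238 default) or "sha512".
    """
    counter = int(unix_time) // step                 # number of 30-second steps since the epoch
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F                          # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret, submitted, unix_time=None, step=30, drift=1, last_used=-1, **kw):
    """Return the matched step counter, or None if the code is rejected.

    drift: steps accepted either side of "now" to tolerate clock skew.
    last_used: highest counter already accepted for this user; a code at or
    below it is refused, so an intercepted code cannot be replayed.
    """
    now = time.time() if unix_time is None else unix_time
    current = int(now) // step
    matched = None
    for counter in range(max(0, current - drift), current + drift + 1):
        expected = totp(secret, counter * step, step=step, **kw)
        # Constant-time comparison avoids leaking how many digits matched.
        same = hmac.compare_digest(expected.encode(), str(submitted).encode())
        if same and counter > last_used:
            matched = counter
    return matched

if __name__ == "__main__":
    code = totp(SAMPLE_SECRET, time.time())
    print("current code:", code, "accepted at step:", verify(SAMPLE_SECRET, code))
```

The server stores the returned counter as the user's new `last_used` value after each successful login.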

Key features

  • TOTP codes: Short numeric codes valid for about 30 seconds, making it difficult for attackers to reuse intercepted codes.
  • Cryptographic security: Codes are generated using HMAC‑SHA256 or similar keyed‑hash algorithms, so a code cannot be computed without the shared secret key.
  • Offline capability: Authenticator apps can generate codes without internet access; hardware tokens provide physical keys.
  • Multiple delivery modes: Codes can be delivered via SMS, push notifications or dedicated devices.

Significance

  • Reduces risk of password theft, phishing and brute‑force attacks.
  • Widely used in banking, government portals, healthcare and corporate IT systems.
  • Supports digital initiatives such as Digital India and Aadhaar by protecting user data.

Adopting 2FA is a simple but powerful step towards safer online interactions.
