2FA over Mobile: Data protection and prevent fraud tool for customers and enterprises
By applying 2FA, Viettel’s customers will get an OTP (One times password) that be sent to their phone to verify the authentication. This 2FA will help Viettel subscribers protect and control their account better without the scarcity of password lost.
Two-factor authentication (2FA) is used for the purposes of controlling fraud and verifying end users. It can be implemented in various number of ways, by using software or hardware tokens or engaging via mobile devices. When implemented effectively – especially when using mobile devices – 2FA is a cost-saving solution that is simple to implement, easy to use, and an effective way to detect fraud – thereby can be used as a protection solution for both the end user and the enterprise.
Key Factors for Two-Factor Authentication:
Two-factor Authentication (2FA) can be identified as additional identification step that use to clarify in login process. When user logins only by username and passwords, that is one-factor authentication. 2FA requests users to have 2 over 3 important information before they can login, as follow:
1. A knowledge factor – something only the user knows, such as a password or personal identification number (PIN)
2. A possession factor – something only the user possesses, such as an ATM card, mobile device, or hardware token
3. An inherence factor – something unique to the user, such as a fingerprint or retina pattern.
2FA is often used when the user should be identified accurately. A common example is the ATM usage scenario. The user swipes an ATM card and then enters a secret PIN. Without both authentication factors working, the user cannot withdraw cash from the ATM.
For many years, a common solution to protect user’s information for corporate or government systems and more, organizations around the world have relied on physical term such as hardware tokens along with user IDs and passwords.
Recently, as catching up to the common trend of using mobile devices, enterprises also have been able to use mobile devices for 2FA opens up a variety of use cases that make it difficult for many hardware-based “key fob” devices to adequately compete. For example, Viettel Telecom has applied the 2FA step when customers process account registration in Viettel Portal to protect individual information. Customers will get an OTP (One times password) that be sent to their phone to verify the authentication. In addition, as many smartphone applications can generate 2FA PIN codes of varying lengths that replace the limitation of hardware token. Such apps use industry standard to generate PIN codes that synchronize with server applications and Websites to enable a second step of authentication for end users.
The goal of 2FA is to reduce impacts of online fraud such as stealing of important information that can lead to lost in personal assets. While there are variations in the manner in which an individual can be authenticated (including the “something that you are” – the inherence factor), the strength of 2FA lies in the strength of its implementation – in particular, the strength of the two factors that are used to identify the individual.