{"id":4296,"date":"2016-10-11T07:49:33","date_gmt":"2016-10-11T02:19:33","guid":{"rendered":"https:\/\/www.qadit.com\/blog\/?p=4296"},"modified":"2016-10-11T07:49:33","modified_gmt":"2016-10-11T02:19:33","slug":"the-difference-between-two-factor-and-two-step-authentication","status":"publish","type":"post","link":"https:\/\/qadit.com\/blog\/the-difference-between-two-factor-and-two-step-authentication\/","title":{"rendered":"The Difference Between Two-Factor and Two-Step Authentication"},"content":{"rendered":"<p><img decoding=\"async\" title=\"The Difference Between Two-Factor and Two-Step Authentication\" src=\"https:\/\/ift.tt\/2dhY6WZ\"><\/p>\n<div>\n<div>\n<figure>\n<\/figure>\n<p>You know you should <a rel=\"nofollow\" href=\"https:\/\/ift.tt\/1fZIbWb\">use two-factor authentication everywhere you can<\/a>, but there\u2019s also \u201ctwo-step\u201d authentication, which may come off like the same thing. They\u2019re really not. Here\u2019s the difference, and what you should know about both.<\/p>\n<p>Old security heads will know the difference here just because of the names, but since they\u2019re often used interchangeably by companies looking to obfuscate the difference, it\u2019s worth highlighting the separation between them. This thread at StackExchange sums up the difference well for anyone unfamiliar, or who doesn\u2019t get the nuance. 
This answer from <a target=\"_blank\" rel=\"noopener\" href=\"https:\/\/ift.tt\/2cX2QAv\">tylerl<\/a> teases out the nitty details:<\/p>\n<blockquote>\n<p>Two-factor authentication refers specifically and exclusively to authentication mechanisms where the two authentication elements fall under different categories with respect to \u201csomething you have\u201d, \u201csomething you are\u201d, and \u201csomething you know\u201d.<\/p>\n<p>A multi-step authentication scheme which requires two physical keys, or two passwords, or two forms of biometric identification is not two-factor, but the two steps may be valuable nonetheless.<\/p>\n<p>A good example of this is the two-step authentication required by Gmail. After providing the password you\u2019ve memorized, you\u2019re required to also provide the one-time password displayed on your phone. While the phone may appear to be \u201csomething you have\u201d, from a security perspective it\u2019s still \u201csomething you know\u201d. This is because the key to the authentication isn\u2019t the device itself, but rather information stored on the device which could in theory be copied by an attacker. So, by copying both your memorized password and the OTP configuration, an attacker could successfully impersonate you without actually stealing anything physical.<\/p>\n<p>The point to multi-factor authentication, and the reason for the strict distinction, is that the attacker must successfully pull off two different types of theft to impersonate you: he must acquire both your knowledge and your physical device, for example. In the case of multi-step (but not multi-factor), the attacker needs only to pull off one type of theft, just multiple times. 
So for example he needs to steal two pieces of information, but no physical objects.<\/p>\n<p>The type of multi-step authentication provided by Google or Facebook or Twitter is still strong enough to thwart most attackers, but from a purist point of view, it technically isn\u2019t multi-factor authentication.<\/p>\n<\/blockquote>\n<p>So what does this all mean for you? Well, nothing really\u2014if a service offers two-step or two-factor, you should absolutely enable it, and it\u2019s not like a service will give you a choice between the two. There are differences between types of two-factor, and <a rel=\"nofollow\" href=\"https:\/\/ift.tt\/2aikLou\">you should absolutely choose the best one<\/a> for you, but the bottom line is that being aware of the differences will help you understand exactly how secure your most important accounts really are.<\/p>\n<p><a target=\"_blank\" rel=\"noopener\" href=\"https:\/\/ift.tt\/1dc2dwe\">Two-Step vs. Two-Factor Authentication &#8211; Is there a difference?<\/a> | StackExchange<\/p>\n<p><em><small>Photo by <a target=\"_blank\" rel=\"noopener\" href=\"https:\/\/ift.tt\/2cX3rSp\">Brianetta<\/a>.<\/small><\/em><\/p>\n<\/div>\n<\/div>\n<p>via https:\/\/ift.tt\/2dPpC34<\/p>\n","protected":false},"excerpt":{"rendered":"<p>You know you should use two-factor authentication everywhere you can, but there\u2019s also \u201ctwo-step\u201d authentication, which may come off like the same thing. They\u2019re really not. Here\u2019s the difference, and what you should know about both. 
Two-factor authentication is one of the best things you can do to make sure your accounts\u2026 Read more Read &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/qadit.com\/blog\/the-difference-between-two-factor-and-two-step-authentication\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;The Difference Between Two-Factor and Two-Step Authentication&#8221;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[1],"tags":[],"class_list":["post-4296","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9AH7Q-17i","_links":{"self":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts\/4296","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/comments?post=4296"}],"version-history":[{"count":1,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts\/4296\/revisions"}],"predecessor-version":[{"id":4297,"href":"https:\/\/qadit.com\/blog\/
wp-json\/wp\/v2\/posts\/4296\/revisions\/4297"}],"wp:attachment":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/media?parent=4296"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/categories?post=4296"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/tags?post=4296"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}