[Mobile Application]
Security Research Center
Multi-factor authentication
Guardsquare recommended technique
| Technique summary | |
| Technique | Multi-factor authentication (MFA, sometimes 2FA) |
| Against | Clipboard attack, SMS attacks |
| Limitations | None |
| Side effects | None |
| Recommendations | Recommended for use |
Multi-factor authentication (MFA), or two-factor authentication (2FA) is an authentication method in which a user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism. For example, these two factors can be user's password and a one-time password generated with a third-party authenticator app.
A third-party authenticator (TPA) app enables two-factor authentication, usually by showing a randomly generated and frequently changing code to use for authentication.
To make the MFA resilient to SMS attacks, none of the factors should be an SMS text received on the user's device.
Note that the TPA can still be vulnerable against other attacks, such as malicious accessibility services.
Guardsquare
Connect with the author
Table of contents
