#chetanpatil – Chetan Arvind Patil

Menu

Two Factor Authentication – Hardware vs Software

Photo by NeONBRAND on Unsplash

Two factor authentication (2FA) is a type of multi-factor authentication that allows users to secure any type of account using a second authentication apart from the regular password protection. 2FA has been around for a long time and received mixed reaction from security researchers.

With growing number of internet and smart device users it is becoming increasingly important to take 2FA seriously. Let’s take a quick look at types of 2FA, which I have separated into hardware and software depending on where the second authentication code comes from.

Software 2FA:

  • Software 2FA (S2FA) is straightforward. Any website which supports S2FA will first walk user through account creation which requires password (first authentication). Then it will provide three options:
    • First: Register cell number in order to receive unique code via SMS or a phone call whenever a login attempt is made. Only after entering this unique code user can access the account.
    • Second: Application will ask user to install smartphone app like Duo Security or Google Authenticator. Using the app scan the QR code shown on screen and this will register account with the app. On every login attempt this app will generate an unique code that needs to be entered after password authentication. This works even without internet connection.
    • Third: Skip both the options and have only single authentication mode i.e. password.
  • If the user has S2FA and doesn’t have cell network or smartphone with him/her during login attempt, then backup codes can be used.
  • These codes can be generated using account settings. Each backup up code expires as soon as it is used. For best practice, always generate and save new ones as soon as first one is used.
  • Below video explains above scenario:

  • Pros of S2FA:
    • Protects account from hackers.
    • Allows users to trust the website or application providing such service.
  • Cons of S2FA:
    • I personally think S2FA is very complex process for people who aren’t good with computers.
    • For Android devices SMS based 2FA (the easiest to setup for anyone irrespective of age or fluency in using smart devices) is most vulnerable due to the Android feature that lets any application read SMS stored in the messaging app. Thus allowing hackers a backdoor to these SMS codes.
    • Most likely this is the reason why banks don’t trust this option.

Hardware 2FA:

  • Hardware 2FA (H2FA) is very similar to S2FA, however the 2FA is generated using a hardware rather than a software.
  • There different ways to setup H2FA:
    • First: Many laptops for long have provided finger print reader option. If fingerprint reader is available, then for the account with this feature user can register biometric to login as 2FA. This isn’t widely used for online websites, but mostly for logging into hardware devices like smartphone or PCs.
    • Second: From laptops to smartphones we have high resolution cameras. Many companies provide APIs that developers can use to access cameras as 2FA. For Apple devices there is Face ID. Microsoft provides Windows Hello. Face recognition for Android is under development. This option uses face as 2FA with help of camera.
    • Third: Security key is a piece of hardware that has electronic chip which has unique code inbuilt. Any application that supports 2FA using a security key will look for the registered key. If the key is found in USB port or via Bluetooth connection, then user will be allowed to access the application. Google strongly supports this option for enterprise based on their in house research.
  • If H2FA is setup and user doesn’t have access to 2FA devices, there is an option to use S2FA. Application for sure will force user to setup S2FA as a backup during H2FA setup.

  • Pros of H2FA:
    • Must more robust than S2FA.
    • Difficult to fish user as the hardware device has to be nearby.
  • Cons of H2FA:
    • Costly for regular user.
    • Many dislike carrying another hardware even though it can act as key chain.

Future of 2FA:

  • I am in strong favor of H2FA. Instead of having to carry another piece of hardware, I would prefer if these keys can somehow find place in motherboard. This way applications can access and register keys using APIs. I understand this will not allow portability, but this idea can be improved.
  • Face ID is really good along with Windows Hello. With Google gearing up to bring face recognition to Android, it is fair to say that this is going to be the de-facto in near future when it comes to S2FA.
Chetan Arvind Patil

Chetan Arvind Patil

                Hi, I am Chetan Arvind Patil (chay-tun – how to pronounce), a semiconductor professional whose job is turning data into products for the semiconductor industry that powers billions of devices around the world. And while I like what I do, I also enjoy biking, working on few ideas, apart from writing, and talking about interesting developments in hardware, software, semiconductor and technology.

COPYRIGHT 2024, CHETAN ARVIND PATIL

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. In other words, share generously but provide attribution.

DISCLAIMER

Opinions expressed here are my own and may not reflect those of others. Unless I am quoting someone, they are just my own views.

MOST POPULAR

The Impact Of Lithography On Semiconductor FAB

Photo by Laura Ockel on Unsplash More than 50% of the semiconductor FAB (fabrication) cost is due to equipment and

Read More

The In-House Custom Semiconductor Chip Development

Photo by Jason Leung on Unsplash THE REASONS TO DEVELOP CUSTOM SEMICONDUCTOR CHIP IN-HOUSE As technology is progressing and touching

Read More

Why The Semiconductor Industry Is Speedily Adopting Advanced Packaging

Adobe Firefly Semiconductor packaging is one of the last steps in semiconductor manufacturing and a crucial one. Protecting the

Read More

The Student Guide To Match Semiconductor Skills With Functions

DALL-E Semiconductor, Students, Functions And Skills In the last blog post, I wrote about a guide students can use to

Read More

The Semiconductor Industry Needs To Move Towards Multi-Technology-Node Architecture

Photo by Suganth on Unsplash THE COMPLEXITY OF SINGLE-TECHNOLOGY-NODE ARCHITECTURE To ensure high-speed processing, one active component in a computer

Read More

Smart Speakers With Smart Processors

Photo by Paul Esch-Laurent on Unsplash Hardware plays crucial role in product success as much as software does. Smart speakers are getting lot

Read More

The Semiconductor Fabrication Struggle

Photo by Mihai on Unsplash Semiconductor fabrication is a complex process of designing and manufacturing electronic components such as microchips

Read More

The Semiconductor Capacity Expansion Flow

Photo by frank mckenna on Unsplash Semiconductor capacity is a critical factor in the future of the electronics industry. Thus,

Read More

The Growing Reliance Of Semiconductor Industry On Software

Photo by ThisisEngineering RAEng on Unsplash Software is the backbone of several industries, including semiconductor. Several (maybe all) semiconductor activities

Read More

The Already Advanced Semiconductor Manufacturing

Photo by Robert V. Ruggiero on Unsplash Advanced manufacturing is one of the most important development and is pushing manufacturing

Read More

RECENT POSTS

The Wafer Excursions And Impact On Semiconductor Yield

DALL-E Yield And Wafer Excursions: In the complex world of semiconductor manufacturing, maintaining a high yield – the percentage

Read More

The Positives And Negatives Of A New Semiconductor FAB And OSAT

DALL-E Premier On Semiconductor FAB And OSAT A semiconductor FAB is a production plant where devices such as integrated circuits are manufactured.

Read More

The Possible Ways To Unlock Career Opportunities In The Semiconductor Industry

DALL-E The State Of Semiconductor Career In an era of rapid technological advancements, the semiconductor industry is a critical

Read More

The Future Of Semiconductor Education

DALL-E What Is Semiconductor Education The landscape of semiconductor education is pivotal to the continued innovation and growth in

Read More

The Fear Of Using AI For Semiconductor Product Development

DALL-E AI And Semiconductor Integrating Artificial Intelligence (AI) into semiconductor product development is a burgeoning frontier, pushing the limits

Read More

The Semiconductor AI Centers Are Coming

DALL-E AI Ushering New Era Of Data Centers As artificial intelligence (AI) incorporates itself into various industries, the demand

Read More

The Rise Of Semiconductor Ghiplet

DALL-E General Purpose GPU General Purpose GPUs (GPGPUs) represent a significant evolution in computing, transforming GPUs from specialized hardware

Read More

The Use Of AI In Semiconductor Test Program Generation

DALL-E Semiconductor Testing Semiconductor testing, also known as integrated circuit (IC) testing or chip testing, is a critical process

Read More

The Status Of Semiconductor Ecosystem In India

DALL-E Semiconductor And India In 2020, I wrote an article titled “The Status Of Semiconductor Manufacturing In India,” focusing

Read More

The Semiconductor Is Running The World

DALL-E Semiconductors In Everyday Life The dominance of semiconductor giants like NVIDIA, with a market capitalization exceeding $3 trillion,

Read More

Get In

Touch