Where Two-Factor Authentication Falls Short

Different Implementations Across Providers — With One Common Thread

Like just about every other technology, two-factor authentication can be implemented in a number of ways. Users might authenticate via an SMS message, email or a verification code from an app such as Google Authenticator. They might also select a trusted photo that displays with each login, ensuring that they’re not on a phishing site.

A Failed Phone Leads to Chaos

This is the situation I found myself in, as the mobile data connection on my Android phone went haywire. Text messages were being delayed by hours or not being delivered at all. A family member residing in the same house and on the same network received their messages just fine. That led me to believe this was some sort of hardware failure.

Lessons Learned

The frustrations associated with 2FA can be useful as a teachable moment. Those of us who build websites for a living pat ourselves on the back for increasing security — and rightly so. But implementing this technology in and of itself is not the end of our mission.

2FA Doesn’t Necessarily Need to Be a Requirement

It’s tempting to force users into utilizing two-factor authentication. And in certain high-risk circumstances this makes sense.

Provide Alternatives

While it may be difficult from a maintenance standpoint, offering more than a single method of 2FA could be beneficial. Users can choose the flavor that works best for them. Or, in a pinch, they could even change what they’re using should their mobile device become unavailable.

Expect Some Challenges

It’s possible to do everything right and still run into users who have login troubles. For instance, some 2FA implementations offer one-time use backup codes. They’re great for times when your chosen authentication method isn’t working.
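As an added illustration (not code from the original article), here is one way a site could issue and redeem the one-time backup codes mentioned above. The function names, the in-memory `store` dict standing in for a database row, and the code format are all assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets

ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # no 0/O or 1/I look-alikes
CODE_LEN = 10  # 10 symbols * 5 bits = 50 bits of entropy per code


def normalize(code: str) -> str:
    """Accept codes typed with spaces, dashes or lower case."""
    return "".join(ch for ch in code.upper() if ch in ALPHABET)


def _digest(salt: bytes, code: str) -> bytes:
    # Salted, slow hash so a leaked table does not reveal usable codes.
    return hashlib.pbkdf2_hmac("sha256", normalize(code).encode(), salt, 100_000)


def issue_backup_codes(count: int = 8):
    """Return (codes to show the user once, record to keep server-side)."""
    salt = secrets.token_bytes(16)  # one salt per user (hypothetical schema)
    raw = ["".join(secrets.choice(ALPHABET) for _ in range(CODE_LEN))
           for _ in range(count)]
    store = {"salt": salt, "unused": [_digest(salt, c) for c in raw]}
    return [f"{c[:5]}-{c[5:]}" for c in raw], store


def redeem_backup_code(store: dict, submitted: str) -> bool:
    """Check a submitted code against the unused hashes; burn it on success."""
    if len(normalize(submitted)) != CODE_LEN:
        return False
    candidate = _digest(store["salt"], submitted)
    match = None
    for i, stored in enumerate(store["unused"]):  # scan all, no early exit
        if hmac.compare_digest(candidate, stored):
            match = i
    if match is None:
        return False
    del store["unused"][match]  # single use: the same code never works twice
    return True
```

The plaintext codes exist only in the return value shown to the user at enrollment; the server keeps hashes. Backup-code attempts should be rate limited like any other login factor.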

Two-Factor Authentication Is Helpful, but Far from Perfect

All told, there are a lot of reasons to like 2FA. It can be fairly simple to implement and it helps prevent unauthorized access to user data. And there are a number of different methods available.
