Knowledge Base - Security

What is two-factor authentication?

Two-factor authentication (2FA) is a two-step verification process that typically requires not just the user's username and password, but also something that the user has on them (a piece of information only they should have or know). This can be in the form of a physical token, biometrics, or SMS on their mobile phone.

The standard security process of simply entering your username and password has made it easier for criminals to gain access to users' private data, such as their personal and financial details, and gives them the opportunity to commit other crimes such as identity theft.

With 2FA, the extra layer of security makes it difficult for potential intruders to gain access to users' sensitive data.

However, a downside of this process is that new hardware tokens have to be issued, and customers who want quick access to their information may find it too cumbersome. Physical tokens are usually small and easily lost, which causes more problems because customers have to call in to be issued a new one.

Thankfully, more companies are using mobile phone technologies to forgo the need for physical tokens, which makes the process faster and cheaper. Still, the best practice is to always have a strong password, and depending on how it is implemented, multi-factor authentication (MFA) can be used for more secure logins.

What is AES 256-bit encryption?

The Advanced Encryption Standard (AES) is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001. AES is more secure than its predecessors, DES and 3DES, as the algorithm is stronger and uses longer key lengths. It also enables faster encryption than DES and 3DES, making it ideal for software applications, firmware and hardware that require either low latency or high throughput, such as firewalls and routers.

AES comprises three block ciphers: AES-128, AES-192 and AES-256. AES-256 consists of 14 rounds, each of which involves a series of steps that process the input plaintext and transform it into the final output ciphertext. AES can be used to protect classified information, and thus is now the default encryption algorithm for protecting classified information. The AES cipher has proven to be, in theory, uncrackable since the number of possible keys is massive, and it is hence reliable if implemented correctly. Its successful use by the U.S. government led to widespread use in the private sector, making AES the most popular algorithm used in symmetric key cryptography.