2-Steps Verification vs. 2-Factors Authentication

Toggle sidebar Toggle sidebar
S

shaharhada

Reputable
Jul 27, 2020
319
8
4,685
What are the differences between these two?

In the value of Apple ID source in Wikipedia: https://en.wikipedia.org/wiki/Apple_ID
After Retrieval subtitle in the value after the title security.
"For security reasons, if Recovery Key or Two-Step Verification (not Two-Factor Authentication) is turned on, Apple will not reset the password an Apple ID account."
 
The main difference between two-step verification (2SV) and two-factor authentication (2FA) is 2FA requires a distinct "factor." What is a "factor"? It's generally regarded as one of these things:
  • Something you know: e.g., user name and password
  • Something you have: e.g., a smartphone, a code generator fob, etc.
  • Something you are: e.g., fingerprints, voice, something you can do
2SV typically only covers what you know: you know a password and can access something where the second step will be performed, but it may not necessarily require a separate device. For example, if you get a code emailed to you, this is not 2FA, because you can access the code on any device that can log into the email account. Even something like getting a code sent via SMS is considered 2SV, because you can receive SMS messages on a computer now, especially with Apple products.

To be 2FA, you must have another device to access the system. For example, I have a few accounts that require a constantly changing security code that an app on my phone handles. I cannot access this app on my computer, so if I log in via my computer, I must have another device (i.e., a phone with this app) to log in. Though some services take this a step further and ties the device to your account. With Apple and Google, you tie a phone to your account and every time you log in to one of their services, your phone will pop up with a message asking if you approve the login. So if you lose the device, you lose that factor (which is why Google and I'm sure Apple provide a backup method to log in).
 
  • Like
Reactions: shaharhada
hotaru.hino said:
The main difference between two-step verification (2SV) and two-factor authentication (2FA) is 2FA requires a distinct "factor." What is a "factor"? It's generally regarded as one of these things:
  • Something you know: e.g., user name and password
  • Something you have: e.g., a smartphone, a code generator fob, etc.
  • Something you are: e.g., fingerprints, voice, something you can do
2SV typically only covers what you know: you know a password and can access something where the second step will be performed, but it may not necessarily require a separate device. For example, if you get a code emailed to you, this is not 2FA, because you can access the code on any device that can log into the email account. Even something like getting a code sent via SMS is considered 2SV, because you can receive SMS messages on a computer now, especially with Apple products.

To be 2FA, you must have another device to access the system. For example, I have a few accounts that require a constantly changing security code that an app on my phone handles. I cannot access this app on my computer, so if I log in via my computer, I must have another device (i.e., a phone with this app) to log in. Though some services take this a step further and ties the device to your account. With Apple and Google, you tie a phone to your account and every time you log in to one of their services, your phone will pop up with a message asking if you approve the login. So if you lose the device, you lose that factor (which is why Google and I'm sure Apple provide a backup method to log in).
Click to expand...
What is code generator fob?
  • Something you have: e.g., a smartphone, a code generator fob, etc.
 
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom