Online Security : Two-factor Authentication (2FA)

Security on the internet, especially when it comes to online transactions, has always been a major concern. Passwords can be stolen, phished or simply lost and hence, experts have long been trying to create a better way for authenticating one’s identity on the web. One of the ways in which security can be upped is by introducing another layer of security over and above the username and password. This is known as two-factor authentication (2FA). It has proven itself quite effective for averting unauthorized transactions. The way 2FA takes place is pretty simple – a hardware token or a card sized device generates a code that users need to enter along with their passwords on web sites. Earlier net banking web sites that had opted for 2FA security authentication would provide these hardware devices to their customers.

VeriSign, a company otherwise best known for SSL certificates and its check sign, has brought 2FA to a new form factor – the mobile phone. Rajiv Chadha, VP, VeriSign India, gave us a demo of this format at a special briefing in Mumbai. The process is quite simple. Users have to register once and acquire a unique credential ID. This number is locked to a J2ME application that can be downloaded for free on any compatible phone. Further, this credential can be linked to a number of user ids on different sites that use VIP (VeriSign Identity Protection). The app generates a six digit code that changes every 30 seconds. The credential is registered with a relying party web service - and every time you initiate a login session to your web service, in addition to entering your easy to remember userid and password, you also enter the six-digit code from your credential as a second password. This service is also available via SMS.

Many web sites such as PayPal and EBay have this as an optional layer of security. “In fact PayPal in the UK has already made this mandatory,” says Chadha. So the next time you’re logging in to even your favorite social networking site, don’t be surprised if you find yourself reaching for your phone. Even if it’s non-mandatory for now, users should probably opt for this service voluntarily. With this added layer of security, a hacker will not only have to steal your password, but physically reach into your pocket to steal your phone too – quite an unlikely situation. There are currently about 70 web sites where VIP is available. To get a full list head over to In India, several brokerage and banking web sites are already in talks with VeriSign to implement this soon.

Get Tech Updates via eMail :


  1. I have heard a lot about this authentication scheme which is used in a number of online security tools and applications. With the help of this article I got a chance to know the logic behind it. Thanks.
    digital signature software



About Tech Guru

TechGuru is a leading technology site, dedicated to software, gadgets, tech news and reviews. The site offers articles, tutorials and how-to guides on all things related to personal technology, desktop applications, productive online tools, social networking sites, windows, office etc.

Founded in 2007, TechGuru features audience who have the passion for Software and Technology and seeks to promote awareness about the internet and computing.

Get News on the Go

Mobile TechQuarkTech Guru is a mobile-friendly website. Simply bookmark in your mobile browser for free access anytime, anywhere.

Contact Us / Send a Tip

Use Contact Form, if you have Comments, Problems, Suggestions, Praise, Complains about the site. Your suggestions and articles are valuable to us.

Copyright © 2007- Tech Guru - All rights reserved. No part of this blog be republished or written without prior permission of the author

Privacy Policy | Disclaimer | Contact | Advertise With Us

Designed and Maintained by Shubham Gupta