Know and understand two-factor authentication including its purpose and function

Published by Patrick Mutisya · 14 days ago

Cambridge IGCSE ICT 0417 – Safety and Security: Two‑Factor Authentication

Safety and Security – Two‑Factor Authentication (2FA)

Learning Objective

Know and understand two‑factor authentication, including its purpose and how it works.

What is Two‑Factor Authentication?

Two‑factor authentication (2FA) is a security process in which users provide two different authentication factors to verify themselves. It adds an extra layer of protection beyond the traditional single‑factor method (usually a password).

Why Use Two‑Factor Authentication?

  • Reduces risk of unauthorised access: Even if a password is compromised, an attacker still needs the second factor.
  • Protects sensitive data: Personal, financial and school information remains safer.
  • Compliance with standards: Many organisations and regulations (e.g., GDPR, ISO 27001) require stronger authentication.
  • Improves user confidence: Users feel more secure knowing their accounts have extra protection.

How Does Two‑Factor Authentication Work?

The authentication process typically follows these steps:

  1. First factor – Something you know: The user enters a password or PIN.
  2. Second factor – Something you have or are: The system requests a second credential, such as:

    • A one‑time code generated by a mobile app (e.g., Google Authenticator).
    • A text message (SMS) containing a temporary code.
    • A hardware token that displays a numeric code.
    • A biometric identifier (fingerprint, facial recognition).

  3. Verification: The system checks both factors. Access is granted only if both are correct.
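
The three steps above as an added example (not part of the original notes), using the time-based one-time codes that authenticator apps generate (RFC 6238). The user record layout, the function names and the demo values are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

STEP = 30  # seconds each code stays valid (the usual authenticator-app setting)

def one_time_code(secret: bytes, counter: int, digits: int = 6) -> str:
    """One-time code (RFC 4226/6238, HMAC-SHA1) for one time-step counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble selects 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def enrol(password: str, secret: bytes) -> dict:
    """Hypothetical user record: salted password hash plus the shared secret."""
    salt = os.urandom(16)
    return {"salt": salt, "pw_hash": hash_password(password, salt),
            "secret": secret, "last_counter": -1}

def login(user: dict, password: str, code: str, now: float) -> bool:
    """Grant access only if BOTH factors check out."""
    # Step 1, something you know: constant-time compare against the stored hash.
    pw_ok = hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"])
    # Step 2, something you have: code from the enrolled device. Accept the
    # current time step and its neighbours to tolerate small clock drift.
    matched = None
    current = int(now) // STEP
    for counter in (current - 1, current, current + 1):
        if counter <= user["last_counter"]:
            continue  # already used (or older): refuse replayed codes
        expected = one_time_code(user["secret"], counter)
        if hmac.compare_digest(expected.encode(), code.encode()):
            matched = counter
    # Step 3, verification: one correct factor alone is never enough.
    if pw_ok and matched is not None:
        user["last_counter"] = matched
        return True
    return False

# Constructed demo values (the secret is the RFC 6238 test key, not a real one).
if __name__ == "__main__":
    demo = enrol("correct horse", b"12345678901234567890")
    code = one_time_code(demo["secret"], 59 // STEP)
    print(login(demo, "correct horse", code, now=59))  # first use of the code
    print(login(demo, "correct horse", code, now=59))  # same code replayed
```
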

Types of Authentication Factors

| Factor Category | Examples | Typical Use |
|---|---|---|
| Something you know | Password, PIN, security question answer | First factor in most systems |
| Something you have | Mobile phone (SMS or authenticator app), hardware token, smart card | Second factor for 2FA |
| Something you are | Fingerprint, facial recognition, voice pattern | Often used as the second factor in biometric‑based 2FA |

Advantages and Limitations

Advantages

  • Significantly lowers the chance of account compromise.
  • Can be implemented at low cost using existing devices (smartphones).
  • Provides flexibility – users can choose the method that best fits their needs.

Limitations

  • Reliance on secondary device – loss or damage can lock users out.
  • SMS codes can be intercepted or subject to SIM‑swap attacks.
  • Biometric data, if compromised, cannot be changed like a password.

Implementing 2FA in a School Environment

  1. Identify accounts that need protection (e.g., staff email, student portals, admin systems).
  2. Choose a suitable 2FA method – authenticator apps are recommended for reliability.
  3. Configure the chosen service to require 2FA for all users.
  4. Provide training and written guidance on how to set up and use 2FA.
  5. Establish a backup procedure (e.g., recovery codes) for users who lose their second factor.

Key Points to Remember

  • 2FA combines two independent factors: knowledge, possession, or inherence.
  • The purpose is to make unauthorised access much harder, even if one factor is compromised.
  • Effective 2FA implementation requires user education and a clear recovery plan.

Suggested diagram: Flowchart showing the two‑step verification process – first the password entry, then the request for a one‑time code, followed by successful login.