Two Factor Authentication - Criteria
Authentication is a process through which one's identity is verified. For a long time it was done using a one-step login where users had to provide their passwords. This approach was appropriate for the early days and served us well for a while.
Unfortunately, better authentication is now required: we rely on digital systems for sensitive operations, bad actors routinely break or steal credentials for their own nefarious plans, and bad password practices and management compound the problem.
Multi-factor authentication, as the name indicates, does not rely solely on a single step but on a mix and match of different factors, where users have to provide something they know, have or are. The first corresponds to the traditional system previously mentioned, with passwords and PINs. The second makes use of physical devices: general-purpose ones such as phones or, for more secure contexts, dedicated and specialized hardware keys. The last mainly refers to biometrics such as fingerprints and facial or voice recognition.
Security generally correlates inversely with ease of use. Two-factor authentication is then a compromise, suitable for the majority of commonly encountered situations. While hardware keys are preferable, most users rely on their phone and an authenticator app to generate a one-time password.
As always, the application should be Free and Open Source. It should implement at least one of the two standard algorithms for one-time passwords, HMAC-based one-time password (HOTP) and Time-based one-time password (TOTP), and have a secure vault protected by a password or biometrics. It should also offer additional functionalities such as backup and data import/export.