In today's digital world, an "account" has become everyone's essential pass for getting around the network. It is tied to personal digital assets and privacy, and can even affect the security of real-world assets.

Keeping user accounts secure is something all developers take very seriously, and "authentication", that is, confirming the identity of the user, is the key step in keeping accounts secure.

We often see news like this: a banking app password is leaked and deposits are transferred out, causing heavy economic losses; a game account is maliciously logged in to by someone else and all the items bought with real money are emptied out; social media accounts see unknown logins and improper comments…

As network technology develops, logging in becomes more and more convenient. At the same time, there is an endless stream of incidents in which login loopholes are used to log in illegally to other people's accounts, damaging their interests or obtaining improper benefits. An important reason for these incidents is that a single authentication method is used and the login process is not rigorous.

Authentication by user name + password is too simple. Once the user's password is leaked, it may cause irreparable losses. How can the problems mentioned above be dealt with?

The answer is two-factor authentication. This authentication method closes the loopholes that may appear in the process of confirming the user's identity and ensures the security of the user's account to a great extent.

What is two-factor authentication?

Two-factor authentication is a system based on time synchronization technology. It uses a one-time password derived from time, event and key to replace the traditional static password.

Generally speaking, in addition to the combination of user name and password, a layer of highly random security authentication is added, namely a dynamic verification code, which is used to confirm the identity of the user who is logging in to and using the account. In the industry it is also commonly known as two-step authentication or multi-factor authentication.

Because the variables differ in each authentication, the verification code generated each time is also different. Because of the random parameters and the unpredictability of each verification code, the security of login is guaranteed at its most basic link, password authentication.

Two-factor authentication applies to a variety of scenarios. In general, as long as there is a static password, two-factor authentication can be integrated.

Today, two-factor authentication is widely used in various fields, including the online banking U shield, SMS verification codes and so on. Whether in the financial sector, the social sector or the video and audio sector, authentication by user name + password + dynamic password has become an effective means for websites and apps to avoid risk, and a powerful guarantee for the digital assets and personal privacy of their users.

At present, two-factor authentication equipment and technology are quite mature. A solution has three main components: authentication devices (tokens), agent software, and a management server.

The authentication agent software sits between the end user and the network resources that need to be protected. When a user wants to access a resource, the agent software sends the request to the authentication management server for authentication.

To keep two-factor authentication operable, the management server, which is responsible for receiving and verifying two-factor authentication requests, needs to be highly reliable and secure. It must support a variety of two-factor authentication devices and integrate easily with the enterprise IT infrastructure, including front-end network access equipment and business systems, and back-end account systems such as AD and LDAP.

For individual developers and small and medium-sized enterprises, two-factor authentication is quite necessary for the safety and reliability of data assets, but investing heavily in developing agent software and a management server is not worth the cost. Integrating an account system already on the market that provides a two-factor authentication service can well be regarded as the best choice.

The two-factor authentication function of Huawei Account has been tested by developers and the market, and its security is beyond doubt. Huawei Account Service also provides real-time risk notifications, follows GDPR privacy norms, and offers multiple safeguards for account security. It can also help an application read the verification code automatically, with the user's authorization, further improving the user's verification experience.

For more details, please see: Huawei Account Services

Official website and development guidance document of Huawei Developer Alliance

Address of Huawei Mobile Service Open Source Warehouse: GitHub, Gitee

Access the Huawei Official Forum

The original link: https://developer.huawei.com/… Author: Pepper