What is 2 Factor Authentication (2FA) and is it compulsory?

In late 2018, India’s market regulator, SEBI, issued new guidelines aimed at bolstering the cybersecurity practices of stock brokers and depository participants. The regulator emphasized the need for these financial firms to establish robust cyber resilience frameworks. The goal was to safeguard the integrity of sensitive data and protect against breaches of customer privacy.

These new cybersecurity requirements were gradually implemented over the next few years. By September 2022, brokers across the industry had started offering their clients various forms of two-factor authentication (2FA) to access trading accounts and services.

Two-factor authentication is a security method that adds an extra layer of protection beyond just a password. It requires users to provide two different types of verification to confirm their identity. This is considered a subset of the broader multi-factor authentication (MFA) approach.

MFA categorizes the different authentication factors into three main types:

1. Knowledge-based factors (e.g., passwords, PINs)
2. Possession-based factors (e.g., smartphones, security tokens, TOTPs)
3. Inherence-based factors (e.g., biometric data like fingerprints)

For 2FA to be effective, it must combine factors from at least two distinct categories. Simply requiring both a password and a PIN would not qualify, since a PIN is just another knowledge-based factor.

Read More – How to set up 2FA on CubePlus?