T___T logo
About
Welcome What's New Profile Education Skillset Experience LinkedIn GitHub Trello
Demos
Demos 2025 Demos 2024 Demos 2019 to 2023 Demos 2014 to 2018
Posts
Posts 2025 Posts 2024 Posts 2019 to 2023 Posts 2014 to 2018
Tech
AngularJS D3.js Highcharts HTML/CSS/JavaScript jQuery jQuery UI LESS PHP ReactJS Ruby On Rails SVG VueJS
Data Analytics
Posting Times By Year Tag Frequency By Year Tag Popularity By Year Popularity By Year/Month Tech Frequency By Year
Contact

Posts for 2018

January


2
Hackers and Bugs and Bounties, oh my!
"This is an event where white hat hackers and security specialists are invited to probe a given site for security vulnerabilities. Rewards are offered to participants for each vulnerability found."


6
An Argument About Arguments
"So now, think of parameters as parking spots and arguments as cars!"


10
Ten Principles of Adult Learning Applied to Software Development

"People can memorize stuff - it's just not a terribly effective way to retain knowledge."


23
App Review: ActiveSG
"Pro-tip: Anything that forces the user to tap extra times, is a huge no-no."


27
Revenge of the Damore
"Whether or not the Googlers are sensible enough to realize that they come off as a bunch of utterly unprofessional, foot-stamping snowflakes, is besides the point."
February


25
Film Review: Silicon Valley Season 2

"This is one of the most masterful digs at Silicon Valley's pretentiousness towards diversity. Ever."
March


3
App Review: Father And Son
"There are some games that will keep you busy for months, or at least weeks. Father And Son is not that kind of game, and it's not meant to be."
April


10
Five Dimensions of Competency applied to Web Development
"There's a lot more to competency than simply being good at something, or being able to do something to a certain standard."


14
Tech Terms and why we should use them right
"Don't let a couple of incorrectly used words detract from the brilliance of your ideas."


24
Plugging those Knowledge Gaps
"You can never eliminate all your knowledge gaps - but you can ensure that the knowledge gaps that you have today, aren't exactly the same ones you had last year."
May


23
The WSQ Way to Self-improvement
"Honestly, having no knowledge of HTML while trying to learn scripting, is the software equivalent of attempting the hundred meter dash without learning to walk first."


27
Rise of the Bike-sharing Phenomenon
"Bike-sharing's here to stay, that's for sure. However, with the rising costs of a bike-share, along with up-front payment implemented by many vendors, casual users are being put off, while serious use"
June


2
Restricting Input Lengths
"Users generally have more confidence in a system when it performs as expected."


8
Microsoft's Acquisition of GitHub
"Perhaps Microsoft has finally cottoned on to the fact that a sizeable chunk of the world's developers, perhaps even a staggering majority, all benefit regularly from open-source code."
July


1
Reference Review: Java SE 7 Programming Essentials
"It's not an easy read by any means, but it's a lot easier than many other Java books would be."


17
The Buzz About FizzBuzz
"Why are people who can't program, applying for programming jobs? Because hirers advertise for degrees in Computer Science, not the ability to solve FizzBuzz."


21
Data Theft At SingHealth
"Be vigilant, paranoid even, and don't make the mistake of thinking something is safe simply because it's stored by the Government. That's one of the first places they attack."


24
Film Review: Unfriended: Dark Web
"It's not a revenge flick about a wronged ghost... this time."
August


13
Google's Fair Use Defense Overturned
"Yep, that one piece of documentation turned out to be Google's undoing and now they owe Oracle about 9 billion dollars."


25
A Look At User Authentication Factors
"An authentication system is made out of authentication factors. There may be multiple factors, but whether a system is Single-factor Authentication, Two-factor Authentication (2FA) or Three-factor Aut"
September


5
Five Examples of Terribly Useless Commit Remarks
"Committing changesets to a code repository is one of the ways a developer collaborates with others. And to do that well, at the very minimum, one needs to understand the art of writing useful commit remarks."


8
Online Lynch Mob Activated!

"This is Singapore, and as much as I love her, she's filled with chickenshit keyboard warriors who talk a good game behind a computer screen but totally lose their nerve when their bluff is called."


28
The Need For Foreign Tech Talent
"Software development, and arguably all tech, is a profession where change is the only constant, and the notoriously conservative mindset of Singaporeans simply does not lend itself to this paradigm."
November


1
Film Review: Searching
"At its core, Searching is a heartwarming story about family wrapped in a crime thriller and delivered via the medium of modern technology."


4
A Walkout Against Tech Discrimination
"Google does not need less men or more women; they need more employees who don't disrespect their colleagues, period."


26
Misfiring On User Experience
"When it gets to the point where the user is just randomly clicking around to see what happens, the system is failing."
December


2
Insertion The MySQL Way
"It's elegant, more robust than the other examples, and close enough to the UPDATE statement to make it relatable."


14
My Year In Training And Assessment
"However, being a WSQ instructor is not just about having the skills and knowledge in facilitation of learning. Like many other professions, it is also about having the correct temperament."
A Look At User Authentication Factors
25th August 2018, 21:36
In 2016, Singapore introduced 2FA to SingPass authentication. It's been two years, and to my mortification most of the people I've met - techs included, oh my God - don't actually know what the term means beyond having to take an extra step (keying in a One-time Password, otherwise known as OTP) while logging in.

So yes, today we will take a look at what 2FA means in security. It's shorthand for "Two-factor Authentication".

Authentication Factors

During authentication, we make use of authentication factors. This could be just a password, or a thumbprint, or a codephrase. Something for the system to identify you by before allowing entry.

There are generally three types of authentication factors - Knowledge, Possession and Inherence.

Knowledge

This factor type is about what you know. It's something you memorize. In its most common form, it's a password, or a PIN number. If you've watched Mission Impossible: Fallout recently, there's this sequence where Tom Cruise's character, Ethan Hunt, supplies a phrase to a fellow agent.

'I am the storm.'

"I am the storm."



Agent: Fate whispers to the warrior.
Ethan Hunt: There's a storm coming.
Agent: And the warrior whispers back...
Ethan Hunt: I am the storm.


"There's a storm coming." and "I am the storm." are the passphrases and those serve as useful examples of Knowledge authentication factor types.

Possession

Possession isn't about exorcism in this context (heh heh) but it's something you have. Something you keep on your person such as a mobile phone or a security token. Using it, the system can send a one-time password which the user can then use for authentication.

A typical RSA token.

A typical RSA token.


Other examples of a Possession authentication factor type are - ATM card, NRIC card and credit card. Again, things you keep on your person.

Inherence

Don't be intimidated by this term - it basically means what you are. Things that are part of you, that we use in authentication. Like thumbprints, retina scans, facial recognition, voice recognition and so on. Biometrics.

Eye scan.

Eye scan.


There's even something that scans the inner lining of your ear. It sounds weird as heck, but we live in strange times. Hey, if it works...

An authentication system is made out of authentication factors. There may be multiple factors, but whether a system is Single-factor Authentication, Two-factor Authentication (2FA) or Three-factor Authentication (3FA), depends on the number of different authentication factor types. For example, a simple Login screen is Single-factor authentication, even though the user has to key in both a login id and a password.

Instagram login screen.

Instagram login screen.

Why? There are two authentication factors. But both of them are the same authentication type - Knowledge. That means there is only one authentication factor type in play. Even if you had to key in five passwords to be allowed entry, that would still be Single-factor Authentication.

Examples of Single-factor Authentication

As previously stated, a typical login screen is Single-factor Authentication. So is any type of system that only uses one authentication factor type.

ActiveSG gantry.

ActiveSG gantry.

Like the gantries in ActiveSG swimming complexes. You scan your NRIC (a Possession authentication factor type), and it opens up.

Unlocking your mobile phone can be done via thumbprint scan (Inherence), facial recognition (Inherence) or a PIN (Knowledge). That's Single-factor Authentication.

Examples of Two-factor Authentication (2FA)

As mentioned previously, using your SingPass is 2FA. You key in your login id and password (Knowledge), then the systems sends an OTP to your mobile phone (Possession) for you to continue the login process.

Automatic Teller Machine.

Automatic Teller Machine.

Using an Automated Teller Machine (ATM) requires you to have your ATM card (Possession) and your PIN number (Knowledge).

The gantries in Changi Airport (all terminals) are 2FA. First, you scan your passport (Possession) and then your thumbprint (Inherence).

Examples of Three-factor Authentication (3FA)

There are virtually no examples of 3FA on websites. Biometrics are all but impossible right now on browsers. (CAPTCHA doesn't count because while it does - kind of - verify that you're not a bot, it can't verify that you're you.) Therefore, we're limited to only two authentication factor types - Knowledge and Possession.

Hi-tech security.

Hi-tech security.


However, advanced security systems might require an electronic pass, a biometric scan and a passcode. That would qualify as 3FA.

That's all...

I just really wanted to explain 2FA. This might be a little more information than required. Hope this was interesting enough!

Thanks for tuning in! I had a scan-dalously good time.
Tags
See also
INFO

A collection of technical snippets and ruminations on the web industry and tech in general. Much of it is opinion-based, and as such, I fully expect people to disagree.

As with most opinion-based content, your mileage may vary.

RATINGS

Some posts are more popular than others. Here are what the ratings mean.

All-time high viewership.
Wildly popular.
Decent viewership. Moderate popularity.
TAGS

Some of these tags crop up frequently. Here's what they mean...

App Review
Where I share my thoughts on certain mobile apps I've used.
Applied Tech
Ruminations on tech happenings around the world and in society, how software technology has impacted us, and whether it's a good or bad thing.
Fiction Review
My findings in tech fiction.
Film Review
Movies or TV shows that revolve around technology.
Life As An Economic Digit
My thoughts on working life, specifically tech working life, though some of it is applicable generally - office politics, code of conduct, career thoughts.
Listicle
Little fun lists, because thoughts are easier to organize that way.
Profanity Alert
Sometimes the language I use isn't fit for polite company. You've been warned.
Redux
On the occasion that I revisit a previous blogpost, or issue a continuation of one.
Reference Review
Sources of information, be they programming books or online video tutorials.
Sexism In Tech
While I'm not a feminist or a raging SJW, I do firmly believe that coding is a gender-neutral pursuit.
Software Review
Mostly desktop software, or any software that isn't a mobile app.
War Stories
Not literally, but anecdotes I recall when I want to make a point.
The views expressed herein are representative of no other than the author's. Technical facts have been reviewed and are believed to be reasonably accurate. This site was built with:
PHP Semantic UI