Forums Community Two factor authentication Reply To: Two factor authentication

#14601 Reply


Hi UserInterests,

It’s not about not wanting or being able to use various authenticator apps. It’s about fundamental aspects of encryption vs. authentication.

Encryption is not *access control*. When you store files in a server or a computer with access controls implemented, the software, i.e. operating system, app etc, will let you access the data if you prove that you are you. That’s authentication.

Encryption is about transforming data into another form, effectively making the content inaccessible by virtue of not being possible to interpret, under the influence of a key. A secret.

Without that secret, it’s computationally infeasible to decrypt.

That’s very different from access control, where access is controlled by software, either allowing or disallowing access. That’s where authentication comes into play – you prove to the software that you are you. But, the software can be tricked or bypassed in many different ways, because it’s only a piece of software that block or allows you access. If you’re a super-user, or can access the data without going through the software (think backup storage, remove hard drive from computer etc), you can read the data.

Encryption is not access control. Encryption is a “mathematical” transformation, requiring the knowledge of a secret to reverse. Here “2 factor authentication” or any kind of authentication, does not make sense. Because it’s not about authentication. It’s about applying an algorithm to reverse the transformation under the influence of a secret.

If we did implement an indirect scheme, were authentication (2 factor or otherwise) was used to gain access to the encryption keys (i.e. secrets), then we’d effectively be building an encryption system with a back door. That’s not what we want to do.