Two-Factor Authentication: A New EV Code Signing Certificate Feature
Introduction to Two-Factor Authentication (2FA)
Having a strong password is good practice. It shows that you are aware of today’s online threats and are doing your best to avoid an unfavorable situation. But let’s be realistic: today a strong password alone cannot keep you safe once an attack is under way.
As technology evolves, so do security requirements and the ways of meeting them. To defend against online attacks, an extra layer of protection called Two-Factor Authentication (2FA) is becoming popular. Many globally known organizations (Google, Twitter, Microsoft) implement it in their applications. Now it has made its way into the developer community as well, through EV Code Signing Certificates.
What is Two-Factor Authentication (2FA) & Its Role in EV Code Signing Certificate?
Two-factor authentication combines two independent factors:
- Something you have
- Something you know
In other words, 2FA (Two-Factor Authentication) proves that the user is genuine: it requires the user to demonstrate to a system or application that they are who they claim to be. One of the best-known examples is the SMS-based two-factor authentication used when signing in to an email or other account: after submitting the password, the user must also enter a code sent by text message to their registered mobile number.
In our case, with standard code signing certificates the private key is stored locally in the system’s certificate store. But under the CA/Browser Forum requirements for EV Code Signing Certificates, the private key is stored separately on a password-protected USB device. This is where 2FA comes in: a user must have both the USB device containing the encrypted token and private key (something you have) and the password (something you know) before a signature can be applied, which makes it much harder for attackers to steal a legitimate developer’s signing credentials and use them to distribute malware.
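The difference between the two storage models described above, as an added example that is not code from the article, a CA, or any token vendor. It is a simulation: HMAC-SHA256 stands in for the real RSA/ECDSA signature, `LocalKeyStore` models the standard certificate store (one factor: whoever can read the key can sign), and `UsbToken` models the EV token, which holds the key only in password-sealed form so that a copied token file without the password, or a password without the token, cannot produce a signature. The PBKDF2 work factor and all sample values are constructed for the demo.

```python
import hashlib
import hmac
import os

# Assumption for this demo: PBKDF2 work factor for the password-derived wrapping key.
PBKDF2_ROUNDS = 200_000
KEY_LEN = 32  # signing secret length in bytes (HMAC stands in for an asymmetric key)


class LocalKeyStore:
    """Standard (non-EV) model: the raw private key sits in a store on disk.
    Anything running as the developer's user can read it and sign with it."""

    def __init__(self, private_key: bytes):
        self.private_key = private_key

    def sign(self, artifact: bytes) -> bytes:
        return hmac.new(self.private_key, artifact, hashlib.sha256).digest()


class UsbToken:
    """EV model: the token (something you have) stores the key only in sealed
    form; unsealing it requires the password (something you know)."""

    def __init__(self, sealed_key: bytes, salt: bytes, check: bytes):
        self.sealed_key = sealed_key  # key XOR password-derived pad
        self.salt = salt
        self.check = check            # lets the token detect a wrong password

    @staticmethod
    def _derive(password: str, salt: bytes):
        # 64 bytes of key material: first half wraps the key, second half
        # proves knowledge of the password without revealing the key.
        material = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), salt, PBKDF2_ROUNDS, dklen=2 * KEY_LEN
        )
        return material[:KEY_LEN], material[KEY_LEN:]

    @classmethod
    def provision(cls, private_key: bytes, password: str) -> "UsbToken":
        if len(private_key) != KEY_LEN:
            raise ValueError("private key must be %d bytes" % KEY_LEN)
        salt = os.urandom(16)
        wrap, verifier = cls._derive(password, salt)
        sealed = bytes(k ^ w for k, w in zip(private_key, wrap))
        return cls(sealed, salt, hashlib.sha256(verifier).digest())

    def sign(self, artifact: bytes, password: str) -> bytes:
        wrap, verifier = self._derive(password, self.salt)
        if not hmac.compare_digest(hashlib.sha256(verifier).digest(), self.check):
            raise PermissionError("token refused: wrong password")
        private_key = bytes(s ^ w for s, w in zip(self.sealed_key, wrap))
        return hmac.new(private_key, artifact, hashlib.sha256).digest()


def attempt_sign(token: UsbToken, artifact: bytes, password: str):
    """Returns the signature, or None when the token refuses (missing factor)."""
    try:
        return token.sign(artifact, password)
    except PermissionError:
        return None


def demo() -> dict:
    key = os.urandom(KEY_LEN)                    # constructed signing key
    artifact = b"installer.exe (constructed)"    # constructed artifact to sign
    password = "correct horse battery staple"    # constructed password
    expected = LocalKeyStore(key).sign(artifact)  # what a valid signature looks like

    token = UsbToken.provision(key, password)
    return {
        # one factor: anyone who can read the store can sign
        "local_store_signs": LocalKeyStore(key).sign(artifact) == expected,
        # both factors present: token + password produce the same signature
        "token_plus_password_signs": token.sign(artifact, password) == expected,
        # stolen token contents, no password: refused
        "token_without_password_signs": attempt_sign(token, artifact, "guess") is not None,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The verifier half of the derived material is what lets a real token return a clean "wrong PIN" error (and count attempts) instead of silently producing a garbage signature; the sealed key never leaves the token object, which is the property that makes a copied workstation image useless to an attacker.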
You might be thinking that you could store the private key on a USB device yourself, so what’s new? The reality is that hardly anyone does so on their own initiative, even though it adds an extra layer of security. That is why EV Code Signing includes the 2FA (Two-Factor Authentication) feature by default, to reinforce authentication and strengthen security.