Multi-factor authentication is a newer and more secure login method. It goes by other names, such as two-factor authentication (2FA), but always follows the same principle: it adds a further authentication step to logins that require a user name (identification) and a password (authentication). What matters is that this additional step uses a separate transmission channel.
Basically, there are three different ways to identify yourself:
through knowledge (e.g. password)
through possession (e.g. ATM card, token)
through biometric characteristics (e.g. fingerprint)
This double protection reduces the risk of unauthorized access to sensitive data by third parties. However, the website or Internet service must also offer such multi-factor authentication. Large Internet services such as Google, Facebook, PayPal and others have been using such methods for quite some time. A widespread solution in Austria is the mobile phone signature or citizen card, which is used, for example, by public authorities.
A well-known example of two-factor authentication is the combination of the ATM card (possession) and the associated PIN (knowledge). Both components are required to withdraw cash. The same applies to online transfers, where the login data (knowledge) and the TAN (possession) must both be available to release a transfer. Nowadays, most banks have switched from paper TANs to their digital counterparts: SMS (this procedure has different names depending on the bank: smsTAN, mobileTAN, TAC-SMS), TAN generator or digital signature. An smsTAN is typically valid for only a few minutes, which severely limits misuse.
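The short validity period only limits misuse if the server enforces it together with single use and a cap on wrong guesses. The following sketch is an added example, not code from any bank or from the original page; the class name, the 300-second window, the three-attempt limit, the six-digit format and the binding of the TAN to the transfer details are all assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

TAN_TTL_SECONDS = 300  # assumed validity window ("a few minutes")
MAX_ATTEMPTS = 3       # assumed cap on wrong guesses per TAN

class TanService:
    """Hypothetical server side of an smsTAN check for one transfer at a time."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._key = secrets.token_bytes(32)  # per-process key for the stored digests
        self._pending = {}  # transfer_id -> [digest, expires_at, attempts_left]

    def _digest(self, transfer_id, details, tan):
        # Keyed digest over transfer and TAN: a TAN cannot release a different transfer
        msg = repr((transfer_id, details, tan)).encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, transfer_id, details):
        tan = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.random()
        self._pending[transfer_id] = [self._digest(transfer_id, details, tan),
                                      self._clock() + TAN_TTL_SECONDS, MAX_ATTEMPTS]
        return tan  # goes out over the separate channel (SMS), never into the web session

    def verify(self, transfer_id, details, tan):
        entry = self._pending.get(transfer_id)
        if entry is None:
            return "unknown"
        if self._clock() > entry[1]:
            del self._pending[transfer_id]
            return "expired"
        if hmac.compare_digest(entry[0], self._digest(transfer_id, details, tan)):
            del self._pending[transfer_id]  # single use: a replayed TAN is rejected
            return "ok"
        entry[2] -= 1
        if entry[2] <= 0:
            del self._pending[transfer_id]  # guessing budget spent, a new TAN is required
            return "locked"
        return "wrong"
```

With six digits and three attempts, a blind guess succeeds with probability of about 3 in 1,000,000 per issued TAN, which is why the attempt cap matters as much as the expiry.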