Two-factor authentication
Two-factor authentication, sometimes referred to as two-step verification, is a security process in which users provide two different authentication factors to verify themselves.
2FA provides a higher level of security than authentication methods that depend on single-factor authentication,
In which the user provides only one factor typically,
a password or passcode.
Two-factor authentication methods rely on a user providing a password as the first factor and a second, different factor usually either a security token or a biometric factor,
such as a fingerprint or facial scan.
A knowledge factor is something the user knows,
such as a password,
a personal identification number (PIN) or some other type of shared secret.
A possession factor is something the user has,
Such as an ID card,
a security token,
a cellphone,
a mobile device or a smartphone app, to approve authentication requests.
A biometric factor, also known as an inherence factor,
is something inherent in the user’s physical self.
These may be personal attributes mapped from physical characteristics,
such as fingerprints authenticated through a fingerprint reader.
Other commonly used inherence factors include facial and voice recognition or behavioral biometrics such as keystroke gait or speech patterns.
A location factor is usually denoted by the location from which an authentication attempt is being made.
Which attempt is based on the source Internet Protocol address or some other geo-location information,
Such as Global Positioning System data,
derived from the user’s mobile phone or other device.
A time factor restricts user authentication to a specific time window in which logging on is permitted and restricts access to the system outside of that window.
Organizations need to deploy a system to process and allow or deny access to users authenticating with their tokens,
as well as provided as a service by a third-party vendor.
Authenticator apps replace the need to obtain a verification code via text,
voice call or email.
Instead of having to wait a few seconds to receive a text message, an authenticator generates the number for them.
These numbers change every 30 seconds and are different for every login.
By entering the correct number, users complete the verification process and prove possession of the correct device an ownership factor.
Example:
How two-factor authentication works on Facebook.
See our other blogs click me
