
Explainer: Two-Factor Authentication (2FA)

 

Two-factor authentication, or 2FA, is a method of accessing computing and financial resources or physical facilities with more than just a password or personal identification number (PIN or passcode). Using a single password or passcode to access such resources makes a user susceptible to security threats, because it represents only a single piece of information that a malicious person needs to acquire.

2FA thus ensures that additional information is required to sign in to computing resources, access cash or enter a building. Two-factor authentication therefore creates an extra level of security, which is often referred to as “multi-factor authentication”. Using a username and password or passcode, together with a piece of information that only the user knows, makes it harder for potential intruders to gain access and steal that person’s personal data or identity.

Multi-factor authentication is a method of multi-faceted access control which a user can pass by successfully presenting authentication factors from at least two of the three categories:

• knowledge factors (“things only the user knows”), such as passwords or passcodes;
• possession factors (“things only the user has”), such as ATM cards or hardware tokens; and
• inherence factors (“things only the user is”), such as biometrics.

Requiring more than one independent factor increases the difficulty of providing false credentials. Two-factor authentication requires the use of two of the three independent authentication factors identified above. The number and the independence of factors are important, since more independent factors imply higher probabilities that the bearer of the identity credential actually does hold that identity.

Multi-factor authentication is sometimes confused with “strong authentication”. However, “strong authentication” and “multi-factor authentication” are fundamentally different processes. Soliciting multiple answers to challenge questions can typically be considered strong authentication, but unless the process also retrieves “something the user has” or “something the user is”, it is not considered multi-factor authentication.

The most typical scenario where two-factor authentication is emerging is within the banking sector. When a bank customer uses an automated teller machine (ATM), one authentication factor is the physical ATM card the customer uses in the machine (“something the user has”). The second factor is the PIN or passcode the customer enters through the keypad (“something the user knows”). Without the corroborating verification of both of these factors, authentication does not succeed. This scenario illustrates the basic concept of most multi-factor authentication systems: the combination of a knowledge factor and a possession factor.
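The category rule and the ATM case above can be written as a check that counts distinct factor categories rather than the number of credentials presented. This is an added example, not code from the article; the method names follow the `amr` values registered in RFC 8176, and their mapping to the three categories is an assumption of this example.

```python
from enum import Enum


class Factor(Enum):
    KNOWLEDGE = "something the user knows"
    POSSESSION = "something the user has"
    INHERENCE = "something the user is"


# Assumed mapping from RFC 8176 "amr" method names to the three categories.
AMR_TO_FACTOR = {
    "pwd": Factor.KNOWLEDGE, "pin": Factor.KNOWLEDGE, "kba": Factor.KNOWLEDGE,
    "otp": Factor.POSSESSION, "sms": Factor.POSSESSION, "sc": Factor.POSSESSION,
    "hwk": Factor.POSSESSION, "swk": Factor.POSSESSION,
    "fpt": Factor.INHERENCE, "face": Factor.INHERENCE, "iris": Factor.INHERENCE,
    "retina": Factor.INHERENCE, "vbm": Factor.INHERENCE,
}


def categories(verified_methods):
    """Return the distinct factor categories covered by the verified methods.

    Unknown or summary values (for example "mfa") are ignored, so a claim
    cannot raise the count without naming a recognised method.
    """
    return {AMR_TO_FACTOR[m] for m in verified_methods if m in AMR_TO_FACTOR}


def is_multi_factor(verified_methods):
    """True only when at least two different categories are present."""
    return len(categories(verified_methods)) >= 2


# Constructed sample logins (not taken from the article).
SAMPLES = {
    "ATM card + PIN": ["sc", "pin"],
    "password + challenge questions": ["pwd", "kba"],
    "card + fingerprint": ["sc", "fpt"],
    "password only, self-declared mfa": ["pwd", "mfa"],
}

if __name__ == "__main__":
    for label, methods in SAMPLES.items():
        names = sorted(f.name for f in categories(methods))
        print(f"{label:34} {names} -> MFA: {is_multi_factor(methods)}")
```

A password plus challenge questions yields two credentials but one category, so the check rejects it as multi-factor, which is the distinction the article draws from “strong authentication”.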

The combined use of these multiple factors allows financial institutions to combat identity theft and bank fraud by increasing overall security and reducing the potential for users to be falsely authenticated. As many research analysts have noted, banks can augment traditional passwords or passcodes with two-factor authentication measures that include biometric identification measures. While a biometric identifier in theory could replace the personal identification number, a customer should instead be asked to supply a PIN or password to supplement a biometric identifier, making it part of a more secure two-factor authentication process. Some banks in Asia currently leverage biometric identifiers such as finger vein and palmprint recognition, in conjunction with ATM cards, to provide a two-factor ATM authentication solution to their clientele.

With continuing challenges to secured digital environments, users can expect the increased deployment of two-factor authentication solutions in order to mitigate risk in computing, banking and physical environments.
