
Explainer: Two-Factor Authentication (2FA)

 

Two-factor authentication, or 2FA, is a method of accessing computing and financial resources or physical facilities with more than just a password or personal identification number (PIN or passcode). Using a single password or passcode to access such resources makes a user susceptible to security threats, because it represents only a single piece of information that a malicious person needs to acquire.

The additional security that 2FA provides ensures that additional information is required to sign in to computing resources, access cash or enter a building. Two-factor authentication therefore creates an extra level of security, which is often referred to as “multi-factor authentication”. Using a username and password or passcode, together with a piece of information that only the user knows, makes it harder for potential intruders to gain access and steal that person’s personal data or identity.

Multi-factor authentication is a method of multi-faceted access control which a user can pass by successfully presenting authentication factors from at least two of the three categories:

• knowledge factors (“things only the user knows”), such as passwords or passcodes;
• possession factors (“things only the user has”), such as ATM cards or hardware tokens; and
• inherence factors (“things only the user is”), such as biometrics.

Requiring more than one independent factor increases the difficulty of providing false credentials. Two-factor authentication requires the use of two of the three independent authentication factors identified above. The number and the independence of factors are important, since more independent factors imply higher probabilities that the bearer of the identity credential actually does hold that identity.

Multi-factor authentication is sometimes confused with “strong authentication”. However, “strong authentication” and “multi-factor authentication” are fundamentally different processes. Soliciting multiple answers to challenge questions can typically be considered strong authentication, but, unless the process also retrieves “something the user has” or “something the user is”, it is not considered multi-factor authentication.

The most typical scenario where two-factor authentication is emerging is within the banking sector. When a bank customer uses an automated teller machine (ATM), one authentication factor is the physical ATM card the customer uses in the machine (“something the user has”). The second factor is the PIN or passcode the customer enters through the keypad (“something the user knows”). Without the corroborating verification of both of these factors, authentication does not succeed. This scenario illustrates the basic concept of most multi-factor authentication systems: the combination of a knowledge factor and a possession factor.
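The category rule and the ATM scenario above can be expressed as a small policy check. This is an added example, not part of the original article; the method names, the `evaluate` function and the sample sign-in attempts are assumptions constructed for illustration.

```python
from enum import Enum

class Factor(Enum):
    KNOWLEDGE = "something the user knows"
    POSSESSION = "something the user has"
    INHERENCE = "something the user is"

# Hypothetical method names, mapped to the article's three categories.
METHOD_CATEGORY = {
    "password": Factor.KNOWLEDGE,
    "pin": Factor.KNOWLEDGE,
    "challenge_question": Factor.KNOWLEDGE,
    "atm_card": Factor.POSSESSION,
    "hardware_token": Factor.POSSESSION,
    "finger_vein": Factor.INHERENCE,
    "palmprint": Factor.INHERENCE,
}

def evaluate(checks, required_categories=2):
    """checks: list of (method, verified) pairs from one sign-in attempt.

    Returns (granted, categories). Access is granted only if every presented
    check verified and the checks span enough distinct factor categories.
    """
    categories = set()
    for method, verified in checks:
        if method not in METHOD_CATEGORY:
            # Fail closed: never guess the category of an unknown method.
            raise ValueError(f"unclassified method: {method}")
        if not verified:
            return False, set()  # one failed factor denies the attempt
        categories.add(METHOD_CATEGORY[method])
    return len(categories) >= required_categories, categories

# Constructed sample attempts.
ATM = [("atm_card", True), ("pin", True)]
QUESTIONS = [("password", True), ("challenge_question", True),
             ("challenge_question", True)]
BIOMETRIC_ATM = [("atm_card", True), ("finger_vein", True)]
WRONG_PIN = [("atm_card", True), ("pin", False)]

if __name__ == "__main__":
    for name, attempt in [("ATM", ATM), ("QUESTIONS", QUESTIONS),
                          ("BIOMETRIC_ATM", BIOMETRIC_ATM), ("WRONG_PIN", WRONG_PIN)]:
        granted, cats = evaluate(attempt)
        print(name, granted, sorted(c.name for c in cats))
```

The `QUESTIONS` attempt passes three separate checks yet is denied, because all three fall in the knowledge category.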

The combined use of these multiple factors allows financial institutions to combat identity theft and bank fraud by increasing overall security and reducing the potential for users to be falsely authenticated. As many research analysts have noted, banks can augment traditional passwords or passcodes with two-factor authentication measures that include biometric identification measures. While a biometric identifier in theory could replace the personal identification number, a customer should instead be asked to supply a PIN or password to supplement a biometric identifier, making it part of a more secure two-factor authentication process. Some banks in Asia currently leverage biometric identifiers such as finger vein and palmprint recognition, in conjunction with ATM cards, to provide a two-factor ATM authentication solution to their clientele.

With continuing challenges to secured digital environments, users can expect the increased deployment of two-factor authentication solutions in order to mitigate risk in computing, banking and physical environments.
