The importance of two-factor authentication
This is a guest post by Yutaka Deguchi, general manager of mofiria Corporation.
In recent years, the use of “two-factor authentication” has been increasing as a personal identification method.
The methods of identity verification are roughly divided into the following three:
1) Use user’s knowledge: (Someting you know)
2) Use user’s possession: (Something you have)
3) Use characteristics of users themselves: (Something you are, biometrics)
Multi-factor authentication is a method of identity verification using multiple elements of these three, and two-factor authentication is using two elements of these three.
For example, ATM using a cash card as 1) and a secret number as 2) realizes two-factor authentication.
Even in the case of using two levels of authentication, both passwords and answers to secret questions are 1), so it can not be said to be two-factor authentication.
From the viewpoint of prevention from spoofing, 1) is very weak against leakage of knowledge such as leakage of passwords stored in the system and theft of secret numbers by observing users. Many problems actually occurred. 2) is also very weak against the theft of possession such as IC card by others.
By introducing two-factor authentication, it is possible to prevent spoofing against the theft of a password and theft of a card. Recently, the number of systems that realize high security using two-fctor authentication is increasing.
Furthermore, some systems, where high security is required, have to be introduced two-factor authentication.
For example, in a system that accesses “my number” that was introduced last year, Ministry of Internal Affairs and Communications obliged the sytem to introduce two-factor authentication.
Among two-factor authentication, 3), using biometric information, is better than others from the user side, because of not requiring the user to remember something or carry around something.
Moreover, there is basically no risk of theft or loss.
With such features, biometric authentication is increasingly introduced to two-factor authentication.
Among biometrics, vein authentication can realize extremely high security from the viewpoint of prevention from spoofing compared with fingerprints or faces, because it is easy to make a forgery of fingerprints or faces using their photographs.
That is why vein authentication has been increasing to be introduced by two-factor authentication.
In the future, opportunities to see vein authentication will increase, especially in fields requiring high security such as the educational field dealing with student’s personal information or the medical field dealing with patient’s personal information.
DISCLAIMER: BiometricUpdate.com blogs are submitted content. The views expressed in this blog are that of the author, and don’t necessarily reflect the views of BiometricUpdate.com.