
Two-Factor Authentication


Two-factor authentication, or strong authentication, is a method of verifying the identity of a person by using two items: something they “know” (password) and something they “have” (key-fob/token/smart card). When these items are used together to log in to a secure website, area, or computer, the system authenticates the user and grants access if the correct information is entered. If the information entered is incorrect, access is denied and the account is disabled or locked out. Some examples of two-factor authentication are an ATM card, a key-fob that connects a user to a virtual private network, an online bank, or credit account.

As mentioned above, two items are required in the identification process: something you know, and something you have. For example, for banking, a person uses a PIN or password (something they know), but will also have a key-fob or ATM card. When that person attempts to retrieve money from an ATM, they insert their card into the machine (something they have), then input their PIN (something they know); they have just completed the two-factor authentication process. Another example is visiting a bank website: a user is prompted to enter their username and password, then at the next screen, they are asked a series of questions, such as “What was your mother’s maiden name?” With the correct answers the user will gain access to the account; incorrect answers will lock them out.

Two-factor authentication verifies the identity of a person by requesting two different pieces of information that are used to provide access to a secure system. The two pieces of information can include a strong password and a continuously changing number on a key-fob (the user has only 50-60 seconds to enter the number into the logon screen). The password will possibly be changed every thirty days, while the key-fob’s numbers, based on a mathematical algorithm, change continuously on a predefined basis, making it more difficult for a criminal to “guess” the password and gain access to the secure system. Two-factor authentication makes it difficult for criminals to gain access to secure information because of the continuously changing numbers and the strong user-supplied password. If either of these two pieces is compromised, both must be corrected by changing the password and resetting or disabling the key-fob.
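The check described above can be sketched in code. This is an added example, not code from the original page: it uses the open TOTP standard (RFC 6238) as a stand-in for the key-fob's unnamed algorithm, and the 60-second step, three-failure lockout, and all function and field names are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 60         # seconds per code; the page cites a 50-60 second window
MAX_FAILURES = 3  # assumed lockout threshold, not from the page

def token_code(secret: bytes, now: float, step: int = STEP, digits: int = 6) -> str:
    """Code a time-based token shows at Unix time `now` (RFC 6238 / RFC 4226)."""
    counter = struct.pack(">Q", int(now // step))
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation picks 4 bytes of the MAC
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def new_account(password: str, salt: bytes, secret: bytes) -> dict:
    return {"salt": salt, "pw_hash": hash_password(password, salt),
            "secret": secret, "last_step": -1, "failures": 0}

def login(account: dict, password: str, code: str, now: float) -> bool:
    """Grant access only when both factors verify; lock after repeated failures."""
    if account["failures"] >= MAX_FAILURES:
        return False  # locked until an administrator resets the account
    knows = hmac.compare_digest(hash_password(password, account["salt"]),
                                account["pw_hash"])
    current = int(now // STEP)
    matched = None
    for step in (current - 1, current):  # previous step tolerates clock drift
        expected = token_code(account["secret"], step * STEP) if step >= 0 else ""
        if step >= 0 and hmac.compare_digest(expected.encode(), code.encode()):
            matched = step
    # A step at or before the last accepted one means the code is being replayed.
    if knows and matched is not None and matched > account["last_step"]:
        account["last_step"] = matched
        account["failures"] = 0
        return True
    account["failures"] += 1
    return False
```

Recording the last accepted time step is what stops a code that was observed during a valid login from being reused while it is still inside the acceptance window.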

There are many forms of key-fob-like devices, including USB devices, digital certificates, smart cards, one-time password tokens, tokens, etc. All of the devices have continuously changing numbers that allow users to log in with their strong passwords.

Two-factor authentication is more secure than having just one password because it requires two pieces of information to access a secure website, system, or server. The majority of businesses that work with any type of personal information (monetary, identifiable) require some type of two-factor authentication, even if it is by means of security questions, a picture, or a sequence of numbers a person would input along with their password. Two-factor authentication improves on normal password security, making it harder for criminals to gain access to information.