What is two-factor authentication and why is it used?

Two-factor authentication (2FA), sometimes referred to as two-step verification or dual-factor authentication, is a security process in which users provide two different authentication factors to verify themselves.

2FA is implemented to better protect both a user's credentials and the resources the user can access. Two-factor authentication provides a higher level of security than authentication methods that depend on single-factor authentication (SFA), in which the user provides only one factor -- typically, a password or passcode. Two-factor authentication methods rely on a user providing a password as the first factor and a second, different factor -- usually either a security token or a biometric factor, such as a fingerprint or facial scan.

Two-factor authentication adds an additional layer of security to the authentication process by making it harder for attackers to gain access to a person's devices or online accounts because, even if the victim's password is hacked, a password alone is not enough to pass the authentication check.

Two-factor authentication has long been used to control access to sensitive systems and data. Online service providers are increasingly using 2FA to protect their users' credentials from being used by hackers who stole a password database or used phishing campaigns to obtain user passwords.


What are authentication factors?

There are several ways in which someone can be authenticated using more than one authentication method. Currently, most authentication methods rely on knowledge factors, such as a traditional password, while two-factor authentication methods include either a possession factor or an inherence factor.

Authentication factors, listed in approximate order of adoption for computing, include the following:

A time factor restricts user authentication to a specific time window in which logging on is permitted and restricts access to the system outside of that window.

The vast majority of two-factor authentication methods rely on the first three authentication factors, though systems requiring greater security may use them to implement multifactor authentication (MFA), which can rely on two or more independent credentials for more secure authentication.


How does two-factor authentication work?

Enabling two-factor authentication varies depending on the specific application or vendor. However, two-factor authentication processes involve the same general, multistep process:

1. The user is prompted to log in by the application or the website.
2. The user enters what they know -- usually, username and password. Then, the site's server finds a match and recognizes the user.
3. For processes that don't require passwords, the website generates a unique security key for the user. The authentication tool processes the key, and the site's server validates it.
4. The site then prompts the user to initiate the second login step. Although this step can take a number of forms, the user has to prove that they have something only they would have, such as biometrics, a security token, an ID card, a smartphone or other mobile device. This is the inherence or possession factor.
5. Then, the user may have to enter a one-time password that was generated during step four.
6. After providing both factors, the user is authenticated and granted access to the application or website.

Elements of two-factor authentication

Two-factor authentication is a form of MFA. Technically, it is in use any time two authentication factors are required to gain access to a system or service. However, using two factors from the same category doesn't constitute 2FA. For example, requiring a password and a shared secret is still considered SFA as they both belong to the knowledge authentication factor type.

Figure: 2FA entails two of three potential authentication factors.

As far as SFA services go, usernames and passwords are not the most secure. One problem with password-based authentication is it requires knowledge and diligence to create and remember strong passwords. Passwords require protection from many insider threats, such as carelessly stored sticky notes with login credentials, old hard drives and social engineering exploits. Passwords are also prey to external threats, such as hackers using brute-force, dictionary or rainbow table attacks.

Given enough time and resources, an attacker can usually breach password-based security systems and steal corporate data. Passwords have remained the most common form of SFA because of their low cost, ease of implementation and familiarity.

Multiple challenge-response questions can provide more security, depending on how they are implemented, and standalone biometric verification methods can also provide a more secure method of SFA.

Types of two-factor authentication products

There are many different devices and services for implementing 2FA -- from tokens to radio frequency identification (RFID) cards to smartphone apps.

Two-factor authentication products can be divided into two categories:

tokens that are given to users to use when logging in; and infrastructure or software that recognizes and authenticates access for users who are using their tokens correctly.

Authentication tokens may be physical devices, such as key fobs or smart cards, or they may exist in software as mobile or desktop apps that generate PIN codes for authentication. These authentication codes, also known as one-time passwords (OTPs), are usually generated by a server and can be recognized as authentic by an authentication device or app. The authentication code is a short sequence linked to a particular device, user or account and can be used only once as part of an authentication process.

Organizations should deploy a system to accept, process and allow or deny access to users authenticating with their tokens. This may be deployed in the form of server software or a dedicated hardware server, as well as provided as a service by a third-party vendor.

An important aspect of 2FA is ensuring the authenticated user is given access to all resources the user is approved for and only those resources. As a result, one key function of 2FA is linking the authentication system with an organization's authentication data. Microsoft provides some of the infrastructure necessary for organizations to support 2FA in Windows 10 through Windows Hello, which can operate with Microsoft accounts, as well as authenticate users through Microsoft Active Directory, Azure AD or Fast IDentity Online (FIDO).

How 2FA hardware tokens work

Hardware tokens for 2FA are available supporting different approaches to authentication. One popular hardware token is the YubiKey, a small Universal Serial Bus (USB) device that supports OTPs, public key encryption and authentication, and the Universal 2nd Factor protocol developed by the FIDO Alliance. YubiKey tokens are sold by Yubico Inc., based in Palo Alto, Calif.

When users with a YubiKey log in to an online service that supports OTPs -- such as Gmail, GitHub or WordPress -- they insert their YubiKey into the USB port of their device, enter their password, click in the YubiKey field and touch the YubiKey button. The YubiKey generates an OTP and enters it in the field.

The OTP is a 44-character, single-use password; the first 12 characters are a unique ID that represents the security key registered with the account. The remaining 32 characters contain information that is encrypted using a key known only to the device and Yubico's servers, established during the initial account registration.

The OTP is sent from the online service to Yubico for authentication checking. Once the OTP is validated, the Yubico authentication server sends back a message confirming this is the right token for this user. 2FA is complete. The user has provided two factors of authentication: The password is the knowledge factor, and the YubiKey is the possession factor.
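A structural pre-check of the 44-character OTP layout described above, as an added example that is not Yubico's code or part of the original article. The modhex alphabet is Yubico's published OTP encoding and is not mentioned on the page; the `OtpPrecheck` class, its local replay cache and the sample values are assumptions made for illustration.

```python
# Added example (not Yubico's code): structural pre-check of a Yubico OTP.
from __future__ import annotations

MODHEX = "cbdefghijklnrtuv"   # modhex alphabet: index in the string = nibble value
OTP_LEN, ID_LEN = 44, 12      # lengths given in the text above


def modhex_decode(text: str) -> bytes:
    """Convert modhex to raw bytes; ValueError on a character outside the alphabet."""
    try:
        nibbles = [MODHEX.index(ch) for ch in text]
    except ValueError:
        raise ValueError("character outside the modhex alphabet") from None
    return bytes((hi << 4) | lo for hi, lo in zip(nibbles[0::2], nibbles[1::2]))


def split_otp(otp: str) -> tuple[str, bytes]:
    """Return (public ID, 16-byte encrypted block) or raise ValueError."""
    otp = otp.strip().lower()
    if len(otp) != OTP_LEN:
        raise ValueError(f"expected {OTP_LEN} characters, got {len(otp)}")
    modhex_decode(otp[:ID_LEN])               # the ID must be valid modhex too
    return otp[:ID_LEN], modhex_decode(otp[ID_LEN:])


class OtpPrecheck:
    """Hypothetical relying-party gate run before the OTP is sent for validation."""

    def __init__(self, enrolled: dict[str, str]):
        self.enrolled = enrolled      # account -> public ID registered at enrollment
        self.seen: set[str] = set()   # OTPs already submitted (single-use rule)

    def check(self, account: str, otp: str) -> str:
        """Return 'forward' or a reject reason meant for logs, not for the user."""
        try:
            public_id, _block = split_otp(otp)
        except ValueError as err:
            return f"reject: malformed ({err})"
        if self.enrolled.get(account) != public_id:
            return "reject: token not registered to this account"
        key = otp.strip().lower()
        if key in self.seen:
            return "reject: OTP already used"
        self.seen.add(key)
        return "forward"   # only the validation server can decrypt the block


# Constructed sample values, not real tokens.
SAMPLE_ID = "ccccccbdefgh"
SAMPLE_OTP = SAMPLE_ID + "cbdefghijklnrtuv" * 2
```

The pre-check only filters malformed, mismatched or repeated submissions; the encrypted block still has to be validated by the server that shares the key with the device.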

Two-factor authentication for mobile devices

Smartphones offer a variety of 2FA capabilities, enabling companies to use what works best for them. Some devices can recognize fingerprints, use the built-in camera for facial recognition or iris scanning, and use the microphone for voice recognition. Smartphones equipped with GPS can verify location as an additional factor. Voice or Short Message Service (SMS) may also be used as a channel for out-of-band authentication.

A trusted phone number can be used to receive verification codes by text message or automated phone call. A user has to verify at least one trusted phone number to enroll in mobile 2FA.

Apple iOS, Google Android and Windows 10 all have apps that support 2FA, enabling the phone itself to serve as the physical device to satisfy the possession factor. Duo Security, based in Ann Arbor, Mich., and purchased by Cisco in 2018 for $2.35 billion, has a platform that enables customers to use their trusted devices for 2FA. Duo's platform first establishes that a user is trusted before verifying the mobile device can also be trusted as an authentication factor.

Authenticator apps replace the need to obtain a verification code via text, voice call or email. For example, to access a website or web-based service that supports Google Authenticator, users type in their username and password -- a knowledge factor. Users are then prompted to enter a six-digit number. Instead of having to wait a few seconds to receive a text message, an authenticator generates the number for them. These numbers change every 30 seconds and are different for every login. By entering the correct number, users complete the verification process and prove possession of the correct device -- an ownership factor.

These and other 2FA products offer information on the minimum system requirements necessary to implement 2FA.

Figure: Biometric authentication has become an increasingly popular option on mobile devices.