What is Multi Factor Authentication?
What is Multi Factor Authentication?
Two-factor authentication (2FA), sometimes referred to as two-step verification or dual-factor authentication, is a security process in which users provide two different authentication factors to verify themselves. This process is done to better protect both the user's credentials and the resources the user can access. Two-factor authentication provides a higher level of security than authentication methods that depend on single-factor authentication (SFA), in which the user provides only one factor -- typically, a password or passcode. Two-factor authentication methods rely on a user providing a password, as well as a second factor, usually either a security token or a biometric factor, such as a fingerprint or facial scan.
Two-factor authentication adds an additional layer of security to the authentication process by making it harder for attackers to gain access to a person's devices or online accounts because knowing the victim's password alone is not enough to pass the authentication check. Two-factor authentication has long been used to control access to sensitive systems and data, and online service providers are increasingly using 2FA to protect their users' credentials from being used by hackers who have stolen a password database or used phishing campaigns to obtain user passwords.
What are authentication factors?
There are several different ways in which someone can be authenticated using more than one authentication method. Currently, most authentication methods rely on knowledge factors, such as a traditional password, while two-factor authentication methods add either a possession factor or an inherence factor.
Authentication factors, listed in approximate order of adoption for computing, include the following:
- A knowledge factor is something the user knows, such as a password, a PIN (personal identification number) or some other type of shared secret.
- A possession factor is something the user has, such as an ID card, a security token, a cellphone, a mobile device or a smartphone app, to approve authentication requests.
- An inherence factor, more commonly called a biometric factor, is something inherent in the user's physical self. These may be personal attributes mapped from physical characteristics, such as fingerprints authenticated through a fingerprint reader. Other commonly used inherence factors include facial and voice recognition. They also include behavioral biometrics, such as keystroke dynamics, gait or speech patterns.
- A location factor, usually denoted by the location from which an authentication attempt is being made, can be enforced by limiting authentication attempts to specific devices in a particular location or, more commonly, by tracking the geographic source of an authentication attempt based on the source Internet Protocol (IP) address or some other geolocation information, such as Global Positioning System (GPS) data, derived from the user's mobile phone or other device.
- A time factor restricts user authentication to a specific time window in which logging on is permitted and restricts access to the system outside of that window.
It should be noted that the vast majority of two-factor authentication methods rely on the first three authentication factors, though systems requiring greater security may use them to implement multifactor authentication (MFA), which can rely on two or more independent credentials for more secure authentication