What is two-factor authentication and why is the used?

Two-factor authentication (2FA), periodically referred to as two-step confirmation or dual-factor authentication, is a security procedure in i m sorry users provide two different authentication components to verify themselves.

You are watching: Which of the following is an example of two-factor authentication

2FA is implemented to far better protect both a user"s credentials and the sources the user deserve to access. Two-factor authentication offers a greater level of protection than authentication techniques that depend on single-factor authentication (SFA), in i beg your pardon the user gives only one factor -- typically, a password or passcode. Two-factor authentication methods rely top top a user providing a password as the first factor and also a second, various factor -- usually either a protection token or a biometric factor, such together a fingerprint or face scan.

Two-factor authentication adds secondary layer of protection to the authentication process by making it harder for attackers to gain accessibility to a person"s tools or online accounts because, also if the victim"s password is hacked, a password alone is not enough to pass the authentication check.


Two-factor authentication has long been supplied to control accessibility to sensitive systems and also data. Online service providers are significantly using 2FA to protect their users" credentials from being supplied by hackers who stole a password database or used phishing projects to attain user passwords.


This post is part of

What is identity and access management? overview to IAM

Which likewise includes:

What are authentication factors?

There space several means in i m sorry someone can be authenticated using much more than one authentication method. Currently, many authentication approaches rely on expertise factors, such together a traditional password, while two-factor authentication methods include either a possession element or an inherence factor.

Authentication factors, detailed in almost right order of fostering for computing, encompass the following:

A time variable restricts user authentication to a specific time home window in which logging on is permitted and restricts access to the system exterior of that window.

The vast bulk of two-factor authentication approaches rely ~ above the very first three authentication factors, though solution requiring higher security may use them come implement multifactor authentication (MFA), which have the right to rely on 2 or an ext independent credentials for more secure authentication.

How go two-factor authentication work?

Enabling two-factor authentication varies relying on the certain application or vendor. However, two-factor authentication processes involve the exact same general, multistep process:

The user is motivated to log in through the application or the website. The user start what they recognize -- usually, username and password. Then, the site"s server finds a match and also recognizes the user. For processes that don"t call for passwords, the website generates a distinct security crucial for the user. The authentication tool procedures the key, and also the site"s server validates it. The site then prompts the user come initiate the second login step. Return this step have the right to take a variety of forms, the user has to prove that they have actually something only they would have, such together biometrics, a defense token, an identifier card, a smartphone or various other mobile device. This is the inherence or possession factor. Then, the user may have to go into a one-time password that to be generated during step four. After providing both factors, the user is authenticated and also granted accessibility to the application or website.

Elements the two-factor authentication

Two-factor authentication is a kind of MFA. Technically, that is in use any kind of time 2 authentication factors are required to gain accessibility to a mechanism or service. However, making use of two determinants from the same category doesn"t constitute 2FA. Because that example, requiring a password and a shared mystery is still thought about SFA as they both belong to the understanding authentication variable type.

*
2FA entails two of three potential authentication factors.

As far as SFA services go, usernames and also passwords space not the most secure. One trouble with password-based authentication is it requires knowledge and also diligence come create and also remember solid passwords. Passwords require defense from many insider threats, such as carelessly stored difficult notes through login credentials, old tough drives and also social engineering exploits. Passwords are also prey to outside threats, such together hackers using brute-force, dictionary or rainbow table attacks.

Given enough time and resources, one attacker deserve to usually breach password-based security systems and also steal this firm data. Passwords have actually remained the most common form of SFA because of your low cost, ease of implementation and also familiarity.

Multiple challenge-response questions can provide an ext security, depending on how they space implemented, and also standalone biometric verification methods can also carry out a more secure technique of SFA.

Types the two-factor authentication products

There are many different devices and also services for implementing 2FA -- native tokens come radio frequency to know (RFID) cards to smartphone apps.

Two-factor authentication commodities can be split into two categories:

tokens the are offered to users to use once logging in; and infrastructure or software program that recognizes and also authenticates access for customers who space using their tokens correctly.

Authentication tokens may be physical devices, together as an essential fobs or smart cards, or they may exist in software application as mobile or desktop apps that create PIN codes for authentication. These authentication codes, likewise known together one-time passwords (OTPs), are usually generated by a server and can be well-known as yes, really by one authentication device or app. The authentication password is a short sequence linked to a certain device, user or account and also can be supplied only when as part of one authentication process.

Organizations need to deploy a device to accept, process and enable or deny accessibility to individuals authenticating with their tokens. This might be deployed in the kind of server software program or a dedicated hardware server, too as noted as a organization by a third-party vendor.

An important facet of 2FA is ensuring the authenticated user is given accessibility to all sources the user is authorized for and only those resources. As a result, one key function of 2FA is linking the authentication system with one organization"s authentication data. Microsoft provides some that the infrastructure important for institutions to support 2FA in windows 10 through Windows Hello, which can operate with Microsoft accounts, and authenticate users through Microsoft active Directory, Azure advertisement or fast IDentity virtual (FIDO).

How 2FA hardware tokens work

Hardware tokens because that 2FA are easily accessible supporting various approaches to authentication. One famous hardware token is the YubiKey, a little Universal Serial Bus (USB) machine that supports OTPs, public crucial encryption and also authentication, and also the Universal second Factor protocol arisen by the FIDO Alliance. YubiKey tokens are sold by Yubico Inc., based in Palo Alto, Calif.

When users v a YubiKey log in come an online service that support OTPs -- such together Gmail, GitHub or WordPress -- lock insert their YubiKey into the USB port of your device, go into their password, click in the YubiKey field and also touch the YubiKey button. The YubiKey generates an OTP and enters it in the field.

The OTP is a 44-character, single-use password; the first 12 personalities are a distinct ID the represents the security vital registered v the account. The remaining 32 characters contain info that is encrypted making use of a an essential known only to the maker and Yubico"s servers, created during the initial account registration.

The OTP is sent from the online organization to Yubico for authentication checking. As soon as the OTP is validated, the Yubico authentication server sends back a article confirming this is the right token because that this user. 2FA is complete. The user has detailed two factors of authentication: The password is the understanding factor, and also the YubiKey is the possession factor.

Two-factor authentication because that mobile devices

Smartphones market a selection of 2FA capabilities, permitting companies to usage what works best for them. Some gadgets can identify fingerprints, use the built-in camera for facial recognition or iris scanning, and also use the microphone because that voice recognition. Smartphones equipped with general practitioners can verify location as second factor. Voice or quick Message company (SMS) may additionally be supplied as a channel for out-of-band authentication.

A trusted phone number can be used to receive verification password by text post or automated call call. A user has to verify at the very least one trusted phone number to enroll in mobile 2FA.

Apple iOS, Google Android and also Windows 10 all have apps that support 2FA, allowing the phone itself to offer as the physical machine to meet the possession factor. Duo Security, based in Ann Arbor, Mich., and purchased through Cisco in 2018 for $2.35 billion, has actually a platform that allows customers to use their trusted devices for 2FA. Duo"s platform an initial establishes the a user is trusted before verifying the mobile maker can also be trusted together an authentication factor.

Authenticator apps change the need to achieve a verification code via text, voice speak to or email. For example, to access a website or web-based business that supports Google Authenticator, users form in their username and password -- a knowledge factor. Users space then prompted to enter a six-digit number. Rather of having actually to wait a couple of seconds to receive a message message, an authenticator generates the number because that them. These numbers readjust every 30 seconds and also are various for every login. By beginning the exactly number, users complete the verification procedure and prove possession the the correct maker -- an ownership factor.

See more: Metro Boomin Want Some More Sample, Nicki Minaj Feat

These and also other 2FA products offer information on the minimum mechanism requirements vital to carry out 2FA.

*
Biometric authentication has come to be an increasingly famous option on mobile devices.