Two-Factor Authentication (also abbreviated as 2FA) is a form of authentication where it authenticates combining the one factor authentication with another factor regardless of software or hardware. In this type of authentication, there will be a requirement where you need to present what you have that the server know before being authenticated. There are many 2FA products in the market now and also many types of 2FA products. A few of the popular one are PKI USB Token, OTP Token and also Smart Card. These hardware will provide another piece of information that is required to succeed the authentication.
Two-Factor Authentication (also abbreviated as 2FA) is a form of authentication where it authenticates combining the one factor authentication with another factor regardless of software or hardware. In this type of authentication, there will be a requirement where you need to present what you have that the server know before being authenticated. There are many 2FA products in the market now and also many types of 2FA products. A few of the popular one are PKI USB Token, OTP Token and also Smart Card. These hardware will provide another piece of information that is required to succeed the authentication.
Why Two-Factor Authentication?
Better Security. Having only One-Factor, attacker who knows your username and password can always authenticate themselves in until you change your password. It can also help out in preventing any brute force password attack. 2FA has already been a popular and famous requirement in any banking industry especially performing a banking transaction. Sometimes it can be inconvenient however, people still can accept the level of inconvenience due to the poor security of having only one authenticating method.
How Two-Factor Authentication Works?
Well, even though there are various type of 2FA product in market, each type of product works the same way where during any authentication, the user will be required to provide his/her username, password and the second factor here. For OTP type of 2FA, the second factor is the random number generated with the device. While for the PKI USB Token, it is to plug in the token and perform a digital signature on the transaction and then send to the server for verification. Any critical authentication should not work if the second factor is not presented.
And The Conclusion Is?
The conclusion here is that, two factor is the second factor of authentication where it authenticates what you have. There is also existence of Three-Factor Authentication where it authenticates what you are as the sequence of technology below:
First Factor - What you know.
Second Factor - What you have.
Third Factor - What you are.
An example of Three-Factor Authentication here is fingerprint or facial scan. The third factor however is quite inconvenience to implement and it is very costly. Therefore, 2FA is the best so far in IT security juggling the balance of convenience and security. Do take note that 2FA is still vulnerable to Man in the Middle attack to certain types of 2FA product and Man in the Browser attack for all the 2FA product. You can refer to those two entries on how to prevent from being attacked or hacked.