Term: Two-factor authentication

Two-factor authentication is a mechanism for verifying identity that relies on two different categories of evidence (factors), both of which must be presented correctly before access is allowed.

Traditionally, authentication has been in the form of something you know: i.e. a password, and perhaps the accompanying answers to a set of security questions. Since this is simply based on knowledge (if you know your password, you must be authorized to access this account) it’s easily transferred from one person to another – intentionally or otherwise.

The most common form of two-factor authentication adds something you have to the requirements. You must prove that you are in possession of a specific, unique item that only you hold.

A popular implementation of this is in the form of key-chain fobs or smartphone applications such as Google Authenticator, which present a six-digit number that changes every 30 seconds. That six-digit number is generated by a cryptographic algorithm from a secret key tied to your account, so that at any point in time only your device (and the authentication system that issued the secret) can produce the correct number for your account. Because the number is derived cryptographically, it is not feasible to predict the numbers that will be displayed without the secret key held by the authentication system.

You then simply “prove” you have your phone or key-chain fob by entering the number displayed on it when requested.

Another factor that can be used is something you are, which typically boils down to facial recognition, fingerprint scanning, or other biometric measurement.

Any one of these – something you know, something you have, or something you are – can be used alone as the very common “single-factor authentication”, but requiring more than one factor increases security dramatically. Two-factor authentication by definition requires exactly two; it is a subset of “multi-factor authentication”, which can require two or more.
