What is two factor authentication and how is it different from single factor authentication?
Two factor authentication (2FA) is a security measure in which users provide two different authentication factors to verify themselves to a system or device. Organizations and individuals implement two factor authentication to better protect the credentials of entities and the resources those entities may access and operate. Furthermore, it is employed to protect sensitive and critical organizational assets. It provides a higher level of protection than authentication techniques that apply single factor authentication (SFA). Unlike two factor authentication, single factor authentication requires entities to enter only one authentication factor.
The most common authentication factors entities employ to protect and secure assets include “Something the user knows”, “Something the user has”, “Something the user is”, “Something the user does”, and “Somewhere the user/device is located”.
- Something you know: requires the user to memorize credentials such as a password, passphrase, or personal identification number (PIN). Passwords are the most common example of a “Something you know” authentication factor. The user must be able to remember the password and enter it into a system during the authentication process, and the password should be complex and strong to serve its purpose.
- Something you have: physical or logical devices that a user possesses and uses to authenticate to systems. Common examples include ID cards, security tokens, smartcards, mobile devices, memory cards, and USB sticks.
- Something you are: physiological characteristics of a person, mostly used in biometrics based authentication. Common examples of the something you are factor include fingerprints, retina pattern scans, iris pattern scans, hand geometry, face scans, and palm scans.
- Something you do: based on what users do, such as keystroking, walking, traditional signature, etc.
- Somewhere you are: identifies a subject’s location based on a specific device such as a computer or mobile device, the time zone, or the IP address geographic location, using geolocation technologies like GPS (Global Positioning System). It works by identifying the location from which an authentication attempt happens.
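The requirement that the two factors be different can be enforced in code. The following is an added example, not code from the original page: it verifies a password or PIN (something you know) and a time-based one-time code from a security token (something you have), and rejects a password plus PIN as still being single factor. The function names, the `FACTOR_OF` mapping, and the sample account are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

# Constructed mapping: credential type -> factor category from the list above.
FACTOR_OF = {"password": "know", "pin": "know", "totp_token": "have"}

def hash_secret(secret: str, salt: bytes) -> bytes:
    # Iteration count chosen for this example only.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

def totp(key: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 one-time code (HMAC-SHA1), as produced by a security token."""
    mac = hmac.new(key, struct.pack(">Q", now // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify(user: dict, kind: str, value: str, now: int) -> bool:
    if kind in ("password", "pin"):
        return hmac.compare_digest(user[kind + "_hash"], hash_secret(value, user["salt"]))
    if kind == "totp_token":
        # Accept the current and previous time step to tolerate clock drift.
        return any(hmac.compare_digest(value.encode(), totp(user["totp_key"], now - d).encode())
                   for d in (0, 30))
    return False  # credential type not handled in this sketch

def authenticate(user: dict, presented: dict, now: int) -> bool:
    """Succeed only if every presented credential is valid and together
    they cover at least two different factor categories."""
    if not all(verify(user, k, v, now) for k, v in presented.items()):
        return False
    return len({FACTOR_OF[k] for k in presented}) >= 2

# Constructed sample account (all values invented for the example).
SALT = b"constructed-salt"
DEMO_USER = {
    "salt": SALT,
    "password_hash": hash_secret("correct horse battery staple", SALT),
    "pin_hash": hash_secret("4821", SALT),
    "totp_key": b"12345678901234567890",  # RFC 6238 test key
}
```

Presenting the correct password together with the correct PIN returns `False` here, because both belong to the same factor category.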