What is Two Factor Authentication?

Two factor authentication, sometimes called 2FA, requires that two different proofs of identity be presented in order to allow access to a system. Which two forms of authentication are required varies from system to system, but there are several common methods we’ll look at below.

The most common one that people are familiar with would be using your Debit Card. Here you have to swipe/insert your debit card (a physical device) into a card reader, and then you have to enter a preassigned PIN (a knowledge item) into the reader. Only by having both of these items (debit card and PIN) can you withdraw your money from the ATM or pay for your goods at the store.

When working with a computer system, whether through a website or physically at a computer, you will generally have your user name and then your password as your first authenticating factor. This isn’t considered two factor, since the username is (easily) known. The password is generally the first authentication method, and relies on knowledge, i.e. you should know your password.

The more sensitive the system, the more likely you are to have to use a two factor, or greater, authentication.

For example, imagine the hassle of using two authentication factors every time you went to check your Facebook or Twitter feed. You’d probably use it less. However, imagine the hassle of someone hacking your bank password and doing an electronic fund transfer. This is why 2FA is often used by financial institutions.

The second factor will generally be one of the following types:

Knowledge Based – Some systems will ask you a second authentication question (like your mother’s maiden name, the town where you grew up, or your favorite food) to complete the two factor authentication. The biggest issue with many of these knowledge-based answers is that they are easy enough to figure out. That’s why they are not widely used.

One Time Password (OTP) – When you sign in you will be sent a second password, typically as a text message to your phone. You will have a short period of time to enter this second password to gain full access to the system.

Token – This method has three boxes for you to fill in: your user name, a password, and then a secondary password. This secondary password is algorithmically generated by a hardware device or installed software, and only when all three items align are you allowed full access.

Hardware Token – A secondary device has to be plugged into the main computer to allow access. Usually this is a USB key, which lets it blend in with any other USB memory stick, but without it and the user name/password you cannot get full access to the system. This was more common with systems that couldn’t leave an office, or were not web accessible.

Biometrics – Here, in addition to a PIN or password, the phone, laptop, etc. will require a retinal (eye) or fingerprint scan to allow access. A common example of this is seen in movies where the super secret spy room requires a retinal scan, hand scan, and/or a PIN.

Of course, there is no limit to the number of authentication factors one could use. Two factor just uses two forms; it is a subset of multi-factor authentication, which allows any number of forms of authentication to be combined.