two-factor authentication
The use of two independent mechanisms to verify the identity of a user. There are four authentication factors as follows:1. What you know (password, PIN, personal data).
2. What you have (private cryptographic key, authentication token).
3. What you are (biometric scan).
4. What you do (speak a phrase, hand write a signature).
Any two of the four are used in two-factor authentication (2FA); for example, using a password with a token (1 and 2) or a password and fingerprint scan (1 and 3). A password and security question such as "what is your grandmother's maiden name" may be two factors, but they both fall into the "what you know" category, and both could be acquired illegally from the same website. One factor from two different categories is more secure.
Cellphone Second-Factor Codes
Another common two-factor method is that after users log in with a password, a code is texted to their cellphone ("what you have"). Copying that security code from the phone into the login process provides the second factor. See FIDO, authentication, smart card, password and one-time password.
 |
| Cellphone 2FA |
|---|
| Cellphone two-factor authentication is increasingly used for financial transactions. The transmitted verification code is only valid for a short period of time before it expires. |
 |
| A Backup for 2FA |
|---|
| In this situation, users are given a temporary authentication code in case the phone were ever lost. |
Copyright © 1981-2025 by The Computer Language Company Inc. All Rights reserved. THIS DEFINITION IS FOR PERSONAL USE ONLY. All other reproduction is strictly prohibited without permission from the publisher.