two-factor authentication

(redirected from Strong authentication)

two-factor authentication

The use of two independent mechanisms to verify the identity of a user. There are four authentication factors as follows:

1. What you know (password, PIN, personal data).

2. What you have (private cryptographic key, authentication token).

3. What you are (biometric scan).

4. What you do (speak a phrase, hand write a signature).

Any two of the four are used in two-factor authentication (2FA); for example, using a password with a token (1 and 2) or a password and fingerprint scan (1 and 3). A password and security question such as "what is your grandmother's maiden name" may be two factors, but they both fall into the "what you know" category, and both could be acquired illegally from the same website. One factor from two different categories is more secure.

Cellphone Second-Factor Codes
Another common two-factor method is that after users log in with a password, a code is texted to their cellphone ("what you have"). Copying that security code from the phone into the login process provides the second factor. See FIDO, authentication, smart card, password and one-time password.
References in periodicals archive ?
With the use of the Secfense User Access Security Broker and Cherry's biometrics hardware businesses can now take advantage of WebAuthn standard and introduce strong authentication methods in minutes, without interfering in the application code.
Veridium is a provider of the development of strong authentication solutions instead of traditional passwords, PINs, and tokens.
There is an industry need for strong authentication with simplicity without breaking the bank.
The report claimed strong authentication has traditionally been synonymous with multifactor authentication.
Thankfully, the advent of next generation strong authentication techniques combined with new enabling technologies in mobile devices avoids this issue and in doing so maintains a seamless user experience.
The collaboration between Gemalto and Orange Business Services provides end-to-end access to Gemalto's multi-tier, multi-tenant cloud-based strong authentication service over the Orange IP VPN.
EgisTec's strong authentication solution empowered by Acer's BYOC will provide sensitive and privacy data protection for the customers' high security level web services.
Selva Selvaratnam, Senior Vice President and Chief Technology Officer, HID Global also anticipates a decline in the use of passwords for securing resources as organisations extend strong authentication across their IT infrastructure and out to the door.
"We're looking at things like derived credentials and how can we still do strong authentication in that particular environment.
After examining different IT solutions and services in the market, BOCHK appointed Automated as the systems integrator to manage the entire deployment of the VASCO and i-Sprint solutions for the Strong Authentication and Data Signing functions, as well as after-sales maintenance for the solution.
The bottom line with defending country CN Is is that you cannot control--and document--the use of encryption and strong authentication without effective key and certificate management," he said.