Two-Factor Authentication

Before getting to the actual topic, let’s cover something more fundamental: the first factor of authentication. An authentication scheme can involve several factors. The most basic method is what we IT security people call One-Factor Authentication, which authenticates you by something that you know. An example is your username and password: both you and the server know them, and the server uses them to authenticate you into the system as an authorized person.

What is Two-Factor Authentication?
Two-Factor Authentication (abbreviated as 2FA) is a form of authentication that, in addition to the first factor, authenticates something you have. You are required to present something you possess, which the server also knows about, before you are authenticated. There are many 2FA products on the market, and many types of them. A few of the popular ones are the PKI USB Token, the OTP Token and the Smart Card. This hardware provides another piece of information that is required for the authentication to succeed.

Why Two-Factor Authentication?
Better security. With only one factor, an attacker who knows your username and password can keep authenticating as you until you change your password. 2FA can also help prevent brute-force password attacks. It is already a popular and well-known requirement in the banking industry, especially for performing banking transactions. It can sometimes be inconvenient; however, people still accept that level of inconvenience because of the poor security of having only one authentication method.

How Does Two-Factor Authentication Work?
Although there are various types of 2FA product on the market, each type works the same way: during authentication, the user is required to provide a username, a password and the second factor. For OTP-type 2FA, the second factor is the random number generated by the device. For the PKI USB Token, the user plugs in the token, performs a digital signature on the transaction and sends it to the server for verification. Any critical authentication should fail if the second factor is not presented.
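
As an added example (not code from the original post), the sketch below shows the server side of the login flow described above for an OTP token. It assumes the token implements HOTP (RFC 4226), which the post does not specify; the `USERS` store, the sample account and the `authenticate` function are hypothetical.

```python
import hashlib
import hmac
import struct
from typing import Optional

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: the code an event-based OTP token displays."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation picks 4 bytes of the MAC
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def _pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample account; the OTP secret is the RFC 4226 test key.
USERS = {"alice": {
    "salt": b"constructed-salt",
    "pw": _pw_hash("correct horse", b"constructed-salt"),
    "otp_secret": b"12345678901234567890",
    "counter": 0,  # next counter value the server expects from the token
}}
LOOKAHEAD = 3  # tolerate a few codes generated on the token but never sent

def authenticate(user: str, password: str, otp: Optional[str]) -> bool:
    acct = USERS.get(user)
    if acct is None:
        return False
    # First factor: something you know.
    if not hmac.compare_digest(_pw_hash(password, acct["salt"]), acct["pw"]):
        return False
    # Second factor: something you have. No code presented means no login.
    if not otp:
        return False
    for c in range(acct["counter"], acct["counter"] + LOOKAHEAD + 1):
        if hmac.compare_digest(hotp(acct["otp_secret"], c).encode(), otp.encode()):
            acct["counter"] = c + 1  # a used code can never be replayed
            return True
    return False
```

Because the counter only moves forward, a captured code is useless once it has been accepted, and a stolen password alone never passes the second check.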

And The Conclusion Is?
The conclusion is that two-factor authentication adds a second factor of authentication, one that authenticates what you have. There is also Three-Factor Authentication, which authenticates what you are, following the sequence below:
  • First Factor – What you know.
  • Second Factor – What you have.
  • Third Factor – What you are.
An example of Three-Factor Authentication is a fingerprint or facial scan. The third factor, however, is quite inconvenient to implement and very costly. Therefore, 2FA is so far the best option in IT security for balancing convenience and security. Do take note that certain types of 2FA product are still vulnerable to Man in the Middle attacks, and all 2FA products are vulnerable to Man in the Browser attacks. You can refer to those two entries on how to prevent being attacked or hacked.


Related posts:

  1. TrueCrypt: Protecting Data The Free Way
  2. Man In The Middle
  3. Man In The Browser
About Alan Tay

This blog is owned and operated by myMediaInc. My Media operates content based online portals for IT professionals, technology managers and decision makers as well as business leaders. We publish original quality content focused in Software Development, IT Security, SaaS, Cloud Computing, Outsourcing, Project Management and Mobile and Wireless. Our mission is to explore how to help you optimize your resources in each of these areas.



  1. shamtest says:

    I can’t seem to be able to reach this post from my droid!
