WHAT IS TWO-FACTOR AUTHENTICATION?
Two-factor authentication (2FA) is an authentication method that requires a user to provide exactly two factors of verification in order to be granted access to a website, application, or resource.
2FA is a subset of multi-factor authentication (MFA).
2FA vs. MFA: What's the difference?
2FA is identified by the presence of exactly two factors of verification (e.g., password and mobile push authentication), whereas MFA is identified by the presence of at least two factors (e.g., password, mobile push authentication, and biometric verification).
In other words, 2FA is a form of MFA.
Should I use 2FA or MFA?
Using one form of authentication (e.g. a password) is not enough. As usernames and passwords have proven to be vulnerable to attack, organizations wishing to enhance their security have turned to 2FA/MFA to ensure a higher degree of confidence and potential to allow authenticated users to access websites, applications, and resources.
Depending on your needs, adding only one additional layer of authentication may be enough security (i.e. 2FA). However, adding more factors to your authentication process does increase the level of security by introducing a mix of authentication factors every time a user requests access to something:
- Knowledge: something the user knows.
- Possession: something the user has.
- Biometric: something the user is.
- Location: somewhere the user is.
What are the most common authenticators/authentication tokens?
- Transparent Authentication
- Physical Form Factor Authentication
- Non-Physical Form Factor Authentication
Transparent authenticators that validate users without requiring day-to-day involvement.
- Digital Certificates
- Device Authentication
Tangible devices that users carry and use when authenticating.
- One-Time Passcode (OTP) Tokens
- Display Card
- Grid Authentication
- One-Time Passcode List
Methods of verifying user identities without requiring them to carry an additional physical device.
- Knowledge-Based Authentication
- Out-of-Band Authentication
- Mobile Smart Credentials
- SMS Soft Tokens