What is Two-Factor Authentication?
As the name implies, two-factor authentication requires two elements to be correctly supplied before allowing a user access to resources or information. It's not as simple as just asking for two different passwords, or correctly identifying an image after a password. Each item must test a different attribute of the user:
- Something only the user knows, such as a password or trivia question
- Something only the user possesses, such as an ID card or passcode fob
- Something only the user inherently is, such as their DNA or fingerprint
One of the most common and well-known examples of two-factor authentication is the debit card: a user must first present something that only they possess, the card, and then corroborate their identity with something that only they know, a PIN, before being allowed to access the bank account that the card is coded to.
Multi-Factor Authentication is the next step of security, which requires at least one proof of identity from each of the above categories.
Why is TFA More Secure?
Despite all of your best efforts, passwords can only be so secure. You can have a policy that requires letters, numbers, capitalization, special characters and more, and it will still only be as secure as the person who uses the password. They can write the password down, or give it to someone they think they can trust, or be tricked by malicious programs or scam artists to give it away. Enabling "super password" policies such as requiring a visual validation is only moderately more secure and has all of the same flaws.
You need to insist upon authentication measures that cannot be shared, intentionally or accidentally.
- Security passcode tokens are linked to your authentication services to display a semi-random number that changes often
- Various types of swipe cards have a number of different features such as a photo of the user or location tracking
- Biometric readers can be installed on any computer and instantly read the fingerprint of the user and compare it to their profile
- Smartphones can have applications installed on them to display secret codes for each authentication
- Any phone can have text messages with secret codes sent on demand
What if My Users Resist?
This is why the first step of implementing TFA is so important. To make sure that your security policy is as effective as possible, we need to understand the users that will be effected by it. Some users are concerned about having a record of their fingerprints stored anywhere, while others are not likely to carry around a keychain token.
Security is most effective when it takes into consideration the people who will be using it as much as any technical concerns. We understand users, and can help take any step necessary to ensure widespread adoption and integration of your security policies, including training.