What is Two-Factor Authentication?


Two-factor authentication is a user authentication system where a user needs to provide two different factors to verify the user’s identity. It is not a new concept, and in many places we are knowingly or unknowingly using it for secure access.

 

There could be more factors too, and that is known as multi-factor authentication. In this post we will learn the basics of this type of authentication system.

 

 

As I mentioned above, two-factor and multi-factor authentication are not new. We commonly use them in many places where we have strong security concerns. For example, your debit card or credit card also uses a two-factor authentication system. You can take the example of your banking transactions too.

 

Here you might ask how these are related to two-factor authentication. OK, let’s take the example of the debit/ATM card that you use in ATM machines. You present the card, which has a magnetic stripe that holds your card information and asserts that you are the owner of the card. Then you need to provide your ATM PIN, which is known only to you, in order to authenticate yourself as the true owner of the card. This is the second authentication step that the ATM processes.

 

Let’s take another example of two-factor authentication. When you do banking transactions online, sometimes you provide a transaction password even though you are already authenticated to the system, and sometimes the bank sends an automated SMS to your registered mobile number in order to authenticate your identity. These are also examples of two-factor authentication mechanisms.

 

There are three different kinds of factors available to authenticate the user’s identity:

      1. Knowledge Factor
      2. Inherence Factor
      3. Possession Factor

Let’s discuss these factors to learn more about the authentication system. After reading this, you will easily identify which one you are using when verifying your identity to keep your account secure.

 

Knowledge Factor


Knowledge Factor is a way of authentication where the system identifies the user by something that the user knows, like a password or PIN. This is the most commonly used authentication system, and we use it in most cases where we need to authenticate ourselves.

 

Take the example of your computer account, your personal mail accounts, social networking sites, banking domains etc., where you provide a password with your account name to authenticate yourself. The ATM PIN is another example of this kind of system.

 

If you are using Windows 8, you might be aware of the picture password. The picture password authenticates you by capturing a pattern from you. This is also an example of a knowledge factor.

 

Here all kinds of passwords and PINs are known only to you (unless you create a security issue by giving your credentials to another person). Using them, the system verifies your identity and grants you access to the system.

 

Inherence Factor


Inherence Factor is a type of authentication where the system identifies the user by something that the user is. This kind of authentication is stronger than the Knowledge Factor, where the user need not be physically present. Fingerprints, face recognition, retina scans, voice identification etc. are examples of this type of authentication.

 

An account password or PIN can be stolen remotely by using SQL injection or a different kind of attack, but if you use this kind of security, the attacker will not be able to get into your account unless you are physically present at the system.

 

Biometric methods like fingerprints, retina scans etc. are unique to an individual and hence have been used in many places to improve security where it is required.

 

Possession Factor


Possession Factor is another type of authentication where the system identifies the user by accepting something that the user has. That includes security tokens, smart cards, one-time passwords, automated phone calls etc., which act as the security key that identifies the user to the system.

 

If you are using a VPN, you might already be aware of the security token that you have as a soft file. A soft token can be stored on a USB device which the user must present to authenticate.

 

If you are using an online banking system, you might be sent a one-time password (OTP) or an automated voice call before access is granted to your identity.

 

Sometimes there is an RSA SecurID, which is nothing but a secure code present in an RSA-capable device. This kind of device is mainly used in libraries to authenticate a user and issue books to that user.

 

Likewise, a smart card (a card with a built-in chip) and a secure USB device with a certificate installed on it are also examples of the Possession Factor: things that you already have with you and need to present to the system to identify yourself. In effect, they are the keys that you need to unlock the system.

 

End Note

So today we learnt about two-factor authentication and the core authentication factors: the Knowledge Factor, the Inherence Factor and the Possession Factor. To secure your account, many systems use combinations of those factors before granting the user access to the system.

 

In the general case, we use a one-factor authentication system, where we need to provide only one of them to verify our identity to the system. When two different factors are combined to authenticate a user, that is known as two-factor authentication, and when a system uses three or more of the factors listed above to keep the user account more secure, that is known as a multi-factor authentication system.
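The distinction above, and the one-time password described under Possession Factor, as an added example that is not code from the original post: a login check that reports which distinct factor categories were proved and treats the login as two-factor only when two different categories are present. It assumes time-based OTP (RFC 6238) as the one-time password scheme, which the post does not specify; the account record, field names and function names are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)

def totp(secret: bytes, counter: int, digits: int = 6) -> str:
    """One-time code for a time-step counter (HOTP truncation, RFC 4226)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def verify_login(user: dict, password: str, otp: str, now: float,
                 window: int = 1) -> set:
    """Return the set of distinct factor categories the caller proved."""
    proved = set()
    # Knowledge factor: something the user knows.
    if hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"]):
        proved.add("knowledge")
    # Possession factor: a code only the enrolled device can compute.
    current = int(now // STEP)
    for counter in range(current - window, current + window + 1):
        if counter <= user["last_counter"]:
            continue  # already accepted once: reject replayed codes
        expected = totp(user["totp_secret"], counter)
        if hmac.compare_digest(expected.encode(), otp.encode()):
            user["last_counter"] = counter
            proved.add("possession")
            break
    return proved

def is_two_factor(proved: set) -> bool:
    # Two passwords are still one category; count categories, not checks.
    return len(proved) >= 2

# Constructed sample account (values are illustrative only).
SALT = b"constructed-salt"
USER = {
    "salt": SALT,
    "pw_hash": hash_password("correct horse", SALT),
    "totp_secret": b"12345678901234567890",  # RFC 6238 test key
    "last_counter": -1,
}
```

Because `last_counter` is updated on success, a second login with the same code proves only the knowledge factor.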

 

A company like Google already uses two-factor authentication to keep its users’ accounts more secure from hackers, and recently Microsoft also rolled out optional two-factor authentication to add an extra check to its users’ accounts. If you want to enable two-factor authentication for your Microsoft account, you can do this from your account settings. I have already thought about blogging on it. Let’s discuss that some other day in a different post. Till then, keep reading my other blog posts too.

 


5 comments

  1. Wonderful your post and good information this blog

    Replies
    1. Thank you for the feedback. I appreciate that.

  2. Great post covering different factor & mechanism of authentication...

    Just would like to share my view with respect to two factor authentication & the ATM/debit card example. I feel it is not an example of two factor authentication; in an ATM card, the card is merely acting as a username and the PIN as a password. We can even compare it with public key/private key authentication, in that the ATM card magnetic strip carries the public key while the PIN acts as the private key.

    In two factor authentication, both credentials are only known to the actual owner or authenticated person, and the second factor of authentication is valid for a temporary purpose or, more specifically, it is valid for that particular transaction only.

  3. Two Factor Authentication, also called 2FA, two step verification or TFA (being an acronym), is definitely an extra layer of security that's referred to as "multi factor authentication" that needs not just a password and username but additionally something which only, and just, that user is wearing them, i.e. a bit of information..

    ~Jessica Taylor

  4. Hi, can you give me an example with code for this one?



 
© 2008-2016 Kunal-Chowdhury.com - Microsoft Technology Blog for developers and consumers | Designed by Kunal Chowdhury