Two-factor authentication (2FA) is a security process in which users provide two different authentication factors to verify themselves. It is implemented to better protect both a user's credentials and the resources the user can access. Two-factor authentication provides a higher level of security than authentication methods that depend on single-factor authentication (SFA), in which the user provides only one factor -- typically, a password or passcode. Two-factor authentication methods rely on a user providing a password as the first factor and a second, different factor -- usually either a security token or a biometric factor, such as a fingerprint or facial scan.
Types of Two Step Verification:
Two step verification can either be:
Single factor 2SV — An example of this would be using your username/password as the first step and then an OTP you receive via an SMS text message.
Two factor 2SV — An example of this would be using your username/password combination as the first step and then a second factor (such as a randomly generated code from a cryptographic USB token) as the second step.
There are several ways in which someone can be authenticated using more than one authentication method. Currently, most authentication methods rely on knowledge factors, such as a traditional password, while two-factor authentication methods add either a possession factor or an inherence factor.
Authentication factors, listed in approximate order of adoption for computing, include the following:
A knowledge factor is something the user knows, such as a password, a personal identification number (PIN) or some other type of shared secret.
A possession factor is something the user has, such as an ID card, a security token, a cellphone, a mobile device or a smartphone app, to approve authentication requests.
A biometric factor, also known as an inherence factor, is something inherent in the user's physical self. These may be personal attributes mapped from physical characteristics, such as fingerprints authenticated through a fingerprint reader. Other commonly used inherence factors include facial and voice recognition or behavioral biometrics, such as keystroke dynamics, gait or speech patterns.
A location factor is usually denoted by the location from which an authentication attempt is being made. This can be enforced by limiting authentication attempts to specific devices in a particular location or by tracking the geographic source of an authentication attempt based on the source Internet Protocol address or some other geolocation information, such as Global Positioning System (GPS) data, derived from the user's mobile phone or other device.
A time factor restricts user authentication to a specific time window in which logging on is permitted and restricts access to the system outside of that window.