Multi-factor authentication is an electronic authentication method in which a computer user is granted access to a website or application only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something only the user knows), possession (something only the user has), and inherence (something only the user is). It protects the user's data, such as personal ID details or financial assets, from access by an unknown person.
What is Two-factor authentication [2FA]?
Two-factor authentication (also known as 2FA) is a type, or subset, of multi-factor authentication. It is a method of confirming users’ claimed identities by using a combination of two different factors: 1) something they know, 2) something they have, or 3) something they are. A third-party authenticator (TPA) app enables two-factor authentication, usually by showing a randomly generated and constantly refreshing code that the user can enter when signing in.
What is Two-step verification?
Two-step verification or two-step authentication is a method of confirming a user’s claimed identity by using something they know (password) and a second factor other than something they have or something they are.
Authentication factors
Authentication takes place when someone tries to log into a computer resource (such as a network, device, or application). The resource requires the user to supply the identity by which the user is known to the resource, along with evidence of the authenticity of the user’s claim to that identity. Simple authentication requires only one such piece of evidence (factor), typically a password. For additional security, the resource may require more than one factor—multi-factor authentication, or two-factor authentication in cases where exactly two pieces of evidence are to be supplied.
The use of multiple authentication factors to prove one’s identity is based on the premise that an unauthorized actor is unlikely to be able to supply the factors required for access. If, in an authentication attempt, at least one of the factors is missing or supplied incorrectly, the user’s identity is not established with sufficient certainty, and access to the asset protected by multi-factor authentication (e.g., a door to unlock or data to access) remains blocked.
The authentication factors of a multi-factor authentication scheme may include:
- Something you have: Some physical object in the possession of the user, such as a security token (USB stick), a bank card, a key, etc.
- Something you know: Certain knowledge only known to the user, such as a password, PIN, etc.
- Something you are: Some physical characteristic of the user (biometrics), such as a fingerprint, eye iris, voice, typing speed, pattern in key press intervals, etc.
- Somewhere you are: Some connection to a specific computing network, or the use of a GPS signal to identify the location.
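The rule above, that access stays blocked when any factor is missing or wrong, is shown here for a password (something you know) combined with an authenticator-app code (something you have). This is an added example, not code from the original page. It assumes the app derives its refreshing code with TOTP (RFC 6238), which the page does not name; `totp`, `hash_password`, `authenticate` and the `ALICE` record are hypothetical names with constructed data.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """One-time code per RFC 6238: HMAC-SHA1 over the time-step counter."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash so the stored knowledge factor is not the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def authenticate(record: dict, password, code, now: int) -> bool:
    """Grant access only when BOTH factors verify; a missing factor fails."""
    if not password or not code:
        return False
    # Knowledge factor: something the user knows.
    knows = hmac.compare_digest(
        hash_password(password, record["salt"]), record["pw_hash"])
    # Possession factor: code from the device holding the shared secret.
    # Adjacent time steps are accepted to tolerate small clock drift.
    has = False
    for t in (now - 30, now, now + 30):
        if t >= 0 and hmac.compare_digest(
                totp(record["totp_secret"], t).encode(), code.encode()):
            has = True
    # Both checks always run, so the result does not reveal which one failed.
    return knows and has

# Constructed sample account (hypothetical; secret is the RFC 6238 test key).
SALT = b"constructed-salt"
ALICE = {
    "salt": SALT,
    "pw_hash": hash_password("correct horse", SALT),
    "totp_secret": b"12345678901234567890",
}

if __name__ == "__main__":
    print(authenticate(ALICE, "correct horse", totp(ALICE["totp_secret"], 59), 59))
    print(authenticate(ALICE, "correct horse", None, 59))
```

A production verifier would also rate-limit attempts and reject a code that has already been used within its validity window.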