What is Two-Factor Authentication?

Understanding what two-factor authentication is and how it works

Two-factor authentication is a more secure method of verifying or validating your identity.

Authentication is an important aspect of computer security. In order for your PC, an application, or a web site to determine whether or not you are authorized for access, it must first be able to determine who you are. There are three basic ways to establish your identity with authentication:

  1. what you know
  2. what you have
  3. who you are

The most common method of authentication is the username and password. This may seem like two factors, but both the username and the password are 'what you know' components and the username is generally public knowledge or easily guessed. So, the password is the only thing standing between an attacker and impersonating you.

Two-factor authentication requires using two different methods, or factors, to provide an additional layer of protection. Typically, two-factor authentication involves using either 'what you have' or 'who you are' in addition to the standard username and password ('what you know'). Below are some quick examples:

  • What you have. This method usually relies on a smartcard, USB thumb drive, or some other type of object which the user must have in order to authenticate. Smartcards and USB drives must be physically inserted into the computer in order to authenticate. There are also encryption tokens which display randomly changing PIN codes that the user must enter in order to authenticate. In either event, an attacker would have to know your password ('what you know'), and also be in physical possession of your token or smartcard ('what you have') in order to authenticate as you.
  • Who you are. Who you are is difficult to impersonate. A rudimentary form of 'who you are' authentication is a photo ID. Providing an official ID which can be verified as being yours by virtue of your photo being on it meets both 'what you have' and 'who you are' criteria. However, a photo ID isn't very functional when dealing with computer access. Biometrics are a common form of 'who you are' authentication. Many characteristics are unique to each individual, such as fingerprints, retina patterns, handwriting style, voice pattern, etc. An attacker may be able to guess or crack your password, but impersonating your fingerprint or retina pattern is virtually impossible.

By requiring a 'what you have' or 'who you are' factor in addition to the standard username and password, two-factor authentication provides substantially better security and makes it much more difficult for an attacker to impersonate you and access your computer, accounts, or other resources.
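
The password-plus-token case described above, as an added example that is not part of the original article: a server-side check that succeeds only when both the password ('what you know') and the code currently shown on the token ('what you have') are correct. It assumes the token uses the standard time-based one-time password algorithm (RFC 6238), which the article does not name; the function names, account fields and sample values are hypothetical.

```python
import hashlib
import hmac
import struct


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Code the token displays: HMAC-SHA1 of the current time step (RFC 6238)."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow password hash so the stored value is not the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def enroll(password: str, salt: bytes, token_secret: bytes) -> dict:
    """Hypothetical server-side account record."""
    return {"salt": salt, "pw_hash": hash_password(password, salt),
            "token_secret": token_secret}


def verify_login(account: dict, password: str, code: str, unix_time: int) -> bool:
    """Succeed only when BOTH factors check out."""
    knows = hmac.compare_digest(
        hash_password(password, account["salt"]), account["pw_hash"])
    # Accept the previous, current and next 30-second step for clock drift.
    has = any(
        hmac.compare_digest(
            totp(account["token_secret"], unix_time + drift).encode(),
            code.encode())
        for drift in (-30, 0, 30))
    return knows and has


if __name__ == "__main__":
    # Constructed sample values; the secret is the RFC 6238 test key.
    acct = enroll("correct horse", b"constructed-salt", b"12345678901234567890")
    now = 59
    print(verify_login(acct, "correct horse", totp(acct["token_secret"], now), now))
    print(verify_login(acct, "correct horse", "000000", now))  # password alone
    print(verify_login(acct, "guess", totp(acct["token_secret"], now), now))
```

A code taken from the token is only useful for about a minute and a half here, so a stolen password or a stale code on its own fails the check.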