Multi-factor authentication

The two-factor authentication ( 2FA short ) is the proof of identity of a user by means of the combination of two different components. This may be something that he knows something that he owns, or something that belongs inseparably to him. The daily life is known eg from ATMs. Only the combination of bank card and PIN provides transaction.

Components

The two-factor authentication to prove identity is only functional when both factors are needed and used are correct. One component is missing or is used incorrectly, the identity can not be established beyond doubt. The access that is protected by two-factor authentication is denied. The factors may include:

  • Something that is possessed by the user: for example, a token (USB stick etc. ), a bank card, a key and the like.
  • Something the user knows: eg his username, password, PIN, SSN and the like, as well.
  • Something that is an inseparable part as a physical characteristic of the user: for example, a fingerprint, the iris (Iris ) of his eye, his voice and the like.

Token Lose two-factor authentication

If authentication is performed on something that has the person, plus another factor that results in a major drawback: The original token must be carried anywhere. If the object stolen, lost, or the user has it simply not there, access is impossible. In addition, costs arise: firstly, at the initial purchase, the other in replacements.

Order to avoid these obstacles out of the way, the token -less two-factor authentication has been developed as an alternative. It uses mobile devices such as cell phones and smartphones as a component " something that has the user ". If the user wants to authenticate, he uses his personal access license ( that is, something that only he knows ) plus a one-time- dynamic passcode consisting of digits. He receives this code by SMS, email or through an appropriate app on their mobile device. The advantage of this method: An additional token is superfluous, since the mobile device in many people already is a constant companion. Some professional two-factor authentication solutions ensure that there is always standing by a valid passcode. If the user uses a sequence of digits, it is automatically deleted and the system will send a new code to the mobile device. Will the new is not entered within a specified time limit, the system replaces it automatically. In this way, no old, already used codes are maintained on the mobile device. For added security, you can specify how many incorrect entries will be tolerated before the system locks the access.

Advantages of token -less two-factor authentication

  • Dynamically generated passcodes are thanks to constant change safer than fixed (static ) log-in information
  • Depending on the solution: pass codes used are automatically replaced by a current code is always ready; acute transfer problems are therefore no obstacle to logins
  • Set number of maximum false entries reduces the risk of attacks by unauthorized persons
Security-Token
838068
de