Two-factor, or multi-factor identification, is an important security featured used by many companies to protect access to assets and information. It is commonly used to protect the information on merchant accounts, customer payments, and with business that accept credit cards. A two-factor system uses two of the three common identification factors. Both must pass before access is allowed.
1. Something the user knows.
The first and most common factors are knowledge factors, or something the person knows. This can be a unique password, ID number or bit of personal information. There may also be more than one piece of this factor, and the user must know all the pieces of information. This is also one of the easiest factors to breach through hacking or by gaining personal knowledge about the user. That is why it is not used in isolation when protecting very sensitive data.
2. Something the user has.
This is a physical factor such as a key or card. It may also be a device that It is more difficult to breach because the intruder would have to ether steal the original or have enough information about the original to duplicate it exactly.
3. Something the user is.
This is a more recent addition to the list of factors because it generally requires the most technology to enforce. This is often a biometrics factor, such as a fingerprint, retina scan or voice identification. This factor is the most difficult of all factors to reproduce.
Why Use a Two-Factor System?
Each of the three factors has weaknesses. Every time one of the factors is combined, it makes the security that much better because it requires the intruder to have that much more information. Combining a knowledge factor with one of the other two is often the best approach because it requires the intruder to have both information and a physical item or an alteration to their physical body.
Common Applications of Two-Factor Authorization
1. The ATM
This is perhaps the most common two-factor authorization system. To use an ATM, the user must have both their ATM card, which is unique to them, and their memorized PIN. If the card is lost, the account is still safe because the finder will not know the PIN. If someone hacks the PIN, they cannot use it without the card.
2. Mobile Phones
Phones allow many merchants and business that accept credit cards, such as Google and Amazon, to have a two-factor authorization process for payments. The user must log in using a name and password. A unique text or message is then sent to their mobile phone that they must enter to proceed. Assuming that they are the only ones with access to this phone, it becomes the physical factor utilized electronically.