Two-factor authentication is a way to verify the identity of a person (or a user) using two independent pieces of information or two independent objects. Two-factor verification is a stronger and safer form of verification than single-factor authentication and thus helps to reduce the risk that authentication data is misused. The second verification step (e.g. a token, Touch ID, a confirmation code sent to the cell phone, verification questions, etc.) can, for example, prevent the misuse of a stolen password or PIN code.
What does two-factor verification mean in practice?
Two-factor authentication most often means that another element is added to the standard username + password combination. For example, it can be a verification code sent by SMS. In this case, it is assumed that the user keeps the phone with them at all times, which makes it very unlikely that an attacker could steal it (physically) together with their password (over the internet). It can also be an authentication card or token, or, for example, a fingerprint.
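The SMS-code flow described above, as an added example that is not part of the original text: a two-step login in which the first step checks the password (something the user knows) and the second step checks a one-time code delivered to the user's phone (something the user has). The class and function names, the in-memory user store and the fake SMS gateway are all hypothetical and constructed for this example; the code is delivered through a callback so the delivery channel can be swapped for a real gateway. The example goes slightly beyond the paragraph by showing the safeguards the second factor needs to be worth anything: the code expires, it is consumed on first use, it is compared in constant time, and it allows only a few attempts.

```python
"""Added example: two-step login (password, then one-time code sent to a phone).
All names here are hypothetical and constructed for illustration."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

CODE_TTL_SECONDS = 300      # assumed policy: a code is valid for five minutes
MAX_CODE_ATTEMPTS = 3       # assumed policy: then the code is discarded
PBKDF2_ROUNDS = 100_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Slow salted hash so a leaked store does not yield passwords directly."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class User:
    salt: bytes
    password_hash: bytes
    phone: str            # where the second-factor code is delivered


@dataclass
class PendingCode:
    code_hash: bytes      # only a hash of the code is kept on the server side
    expires_at: float
    attempts_left: int


class TwoFactorLogin:
    def __init__(self, send_sms: Callable[[str, str], None], clock=time.time):
        self.users: Dict[str, User] = {}
        self.pending: Dict[str, PendingCode] = {}
        self.send_sms = send_sms        # delivery channel for the second factor
        self.clock = clock              # injectable so expiry can be tested

    def register(self, username: str, password: str, phone: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[username] = User(salt, hash_password(password, salt), phone)

    def start_login(self, username: str, password: str) -> bool:
        """Factor 1: something the user knows. On success, issue factor 2."""
        user = self.users.get(username)
        if user is None:
            # Hash anyway so response time does not reveal which usernames exist.
            hash_password(password, b"\x00" * 16)
            return False
        if not hmac.compare_digest(hash_password(password, user.salt), user.password_hash):
            return False
        code = f"{secrets.randbelow(10**6):06d}"   # six digits from a CSPRNG
        self.pending[username] = PendingCode(
            hashlib.sha256(code.encode()).digest(),
            self.clock() + CODE_TTL_SECONDS,
            MAX_CODE_ATTEMPTS,
        )
        self.send_sms(user.phone, f"Your login code is {code}")
        return True

    def complete_login(self, username: str, code: str) -> bool:
        """Factor 2: something the user has (the phone the code was sent to)."""
        pending = self.pending.get(username)
        if pending is None:
            return False
        if self.clock() > pending.expires_at:
            del self.pending[username]          # expired codes are never accepted
            return False
        pending.attempts_left -= 1
        ok = hmac.compare_digest(hashlib.sha256(code.encode()).digest(), pending.code_hash)
        if ok or pending.attempts_left <= 0:
            del self.pending[username]          # one-time use; guessing gets few tries
        return ok


class FakeSmsGateway:
    """Constructed stand-in for an SMS provider: it just records the last message."""
    def __init__(self):
        self.last_message: Optional[str] = None

    def send(self, phone: str, text: str) -> None:
        self.last_message = text


def demo() -> bool:
    """Register a user, pass both factors, and return whether login succeeded."""
    gateway = FakeSmsGateway()
    login = TwoFactorLogin(gateway.send)
    login.register("alice", "correct horse battery staple", "+15555550100")
    if not login.start_login("alice", "correct horse battery staple"):
        return False
    code = gateway.last_message.rsplit(" ", 1)[1]   # the user reads it off the phone
    return login.complete_login("alice", code)


if __name__ == "__main__":
    print("login succeeded" if demo() else "login failed")
```

The server never stores the code in the clear, and a wrong password never triggers an SMS, so the second factor cannot be used to probe which accounts exist.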
Two-factor authentication is always more demanding - not only for the party that provides such authentication but also for the person who uses it. However, this extra effort is repaid by significantly higher security.
Basically, two-factor authentication can be a combination of any two authentication methods, which can be of three kinds:
- based on what the subject knows (e.g. PIN code, password, passphrase)
- based on what the subject possesses (e.g. ID card or other identity document, payment card, key)
- based on who the subject is (e.g. biometric data such as fingerprints)
Two-factor authentication is also used by some internet service providers. For example, Microsoft and Google ask their users for a phone number or a second email address. They make use of this information when a user takes a major action such as changing the password.