Two Factor Authentication is an approach to achieving stronger authentication security by requiring that the entity being authenticated present two different authentication factors. It goes beyond two-step authentication, which may use two means of authentication from the same factor. If one factor is compromised, then adding more steps of the same factor may add little or no security. Two Factor Authentication provides stronger security by requiring that the two means of authentication be of different factors.
These factors are:
Knowledge Factor – something the entity knows such as a password or PIN
Possession Factor – something the entity possesses such as a key, an ATM card, a mobile phone or a token
Inherent Factor – something inherent to the entity such as a fingerprint or a retinal scan
Any authentication factor can be defeated in some way.
A password can be guessed or intercepted.
An ATM card can be stolen or a key copied.
A voiceprint can be recorded or a signature forged.
The different nature of each factor dictates that it be defeated in a different way. The strength of multi-factor authentication (MFA), of which two factor authentication (TFA) is a specific case, is that it adds to the complexity of defeating the authenticator beyond simply adding to the number of steps required to defeat the authenticator.
Some examples of two factor authentication are:
Bank ATM Card (possession factor) plus a PIN (knowledge factor)
Password (knowledge factor) plus a one-time PIN texted to a mobile phone (possession factor)
Password (knowledge factor) plus a thumbprint (inherent factor)
PIN (knowledge factor) plus a token card (possession factor)
See the RAD-Series RSA SecurID® Ready Implementation Guide for details on implementing two factor authentication using the Interlink Networks RAD-Series RADIUS Server, RSA® Authentication Manager, and RSA SecurID® software and hardware tokens.