There was a piece on the BBC Radio 4 Today programme a few minutes ago where the expert was talking about two factor authentication*, and how important it was to have it.
Here come the silly questions. What is it? Have I got it? How do I tell? How do I get it, if I haven't got it?
*I do hope I have got the right phrase.
|
...quite often known as authentication using "something you know" and "something you've got".
So, if you do online banking, a card-reader (augmented by your login to your online banking site) can provide two-factor authentication.
To use the card reader, you need to know the PIN, and you need to have the card physically with you. (The combination when used provides a code that is used online to prove you have both factors - if you don't know the PIN, and/or don't have the card, you can't get that authentication code.)
There is an alternative stance that the website login (using a username/password) provides the "something you know", and the card-reader is simply proving the "something you've got" (the card).
There are various other ways of implementing multi-factor authentication.
|
Another two examples of two factor authentication, one perhaps more common for the public than others.
1. You start to log on and are then sent a text message with a code to enter to continue the logon process. Only you can proceed because you will get the code sent to your phone. The code will last only a short amount of time.
2. Secure hardware token which provides a continually changing rolling code, like the RSA SecurID token. You enter the code as part of the logon process.
www.tokenguard.com/images/tokens/SID700.gif
The code changes, say, every minute... the bars on the left of this image are the countdown. We use these a lot at work to access our more secure systems. For the more secure systems we also have secure laptops.
|
As a modern alternative to the RSA Token as a 2FA device, I now have a software RSA Token for a secure connection capability.
I enter a userid and password, then further enter a separate PIN number followed by an RSA token number displayed in an app on my screen. It only lasts a minute at a time and it is uniquely associated with this device and my PIN and my userid.
Gadgety but I always have the code device with me when I want to use it on this laptop.
|
>> To use the card reader, you need to know the PIN, and you need to
>> have the card physically with you. (the combination when used provides a code that is
>> used online to prove you have both factors - if you don't know the PIN,
>> and/or don't have the card, you can't get that authentication code).
That's what I've got with First Direct.
Last edited by: VxFan on Fri 30 Jun 17 at 12:47
|
Two factor authentication is a subset of Three factor authentication, which is
1. Something you know e.g. password
2. Something you have e.g. phone (to receive text verification), card reader etc.
3. Something you are e.g. your voice, iris scan, fingerprint, DNA etc.
|
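The rolling codes described in the posts above can be illustrated with the open TOTP algorithm (RFC 6238). This is an added example, not part of any poster's message and not the proprietary RSA SecurID algorithm; the 60-second step, the `Verifier` class, its drift window and the sample secret are assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, now: float, step: int = 60, digits: int = 6) -> str:
    """Code shown by the token (the 'something you've got') at time `now`."""
    counter = int(now) // step                      # changes once per `step` seconds
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                         # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Verifier:
    """Server side: accepts a code once, and only near the current time step."""

    def __init__(self, secret: bytes, step: int = 60, drift: int = 1):
        self.secret, self.step, self.drift = secret, step, drift
        self.last_counter = -1                      # highest time step already used

    def check(self, submitted: str, now: float) -> bool:
        current = int(now) // self.step
        for c in range(current - self.drift, current + self.drift + 1):
            if c <= self.last_counter:              # replayed or older code
                continue
            expected = totp(self.secret, c * self.step, self.step)
            # Constant-time comparison avoids leaking how many digits matched.
            if hmac.compare_digest(expected.encode(), submitted.encode()):
                self.last_counter = c
                return True
        return False

if __name__ == "__main__":
    secret = b"constructed-demo-secret"             # constructed sample value
    server = Verifier(secret)
    code = totp(secret, 1000)
    print("first use accepted:", server.check(code, 1000))
    print("replay accepted:   ", server.check(code, 1000))
    print("ten minutes later: ", Verifier(secret).check(code, 1600))
```

The code is useless without the secret held in the token, and the password or PIN entered alongside it is checked separately as the second factor.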