Two-factor
authentication is a type of authentication where it verifies
something you have in place of single factor authentication. In this
kind of authentication, there will be a need where you are required
to show what you have that the server understands before being
verified. There are various 2FA products in the market now and also
various kinds of 2FA products. A few of them are OTP Token (SMS services),
PKI USB Token, and also Smart Card. All of these hardware will give
one more piece of data that is needed for succeeding in the
authentication.
Having only single factor, attacker who has your username and password can always verify themselves till you don’t modify your password. It can also help you in stopping any brute force attack on your password. 2FA has already been a great need in any banking organization particularly doing a banking transaction.
Well, even if there are different type of two factor authentication product in market, every type of product works similarly where all through any verification, the user will be needed to give their username, password and the second factor at this time. For OTP 2FA, the second factor is an arbitrary number produced with the device. Whereas for the PKI USB Token, it is to insert the token and create a digital signature on the transaction and then sending it to the server for authentication. Any decisive authentication should not perform if the second factor is not shown.
Having only single factor, attacker who has your username and password can always verify themselves till you don’t modify your password. It can also help you in stopping any brute force attack on your password. 2FA has already been a great need in any banking organization particularly doing a banking transaction.
Well, even if there are different type of two factor authentication product in market, every type of product works similarly where all through any verification, the user will be needed to give their username, password and the second factor at this time. For OTP 2FA, the second factor is an arbitrary number produced with the device. Whereas for the PKI USB Token, it is to insert the token and create a digital signature on the transaction and then sending it to the server for authentication. Any decisive authentication should not perform if the second factor is not shown.
No comments:
Post a Comment