Many trusted systems require two-factor authentication.
Two-factor (or strong) authentication requires a subject to provide at least two types of proof of identity.
With two-factor authentication, the compromise of one factor does not lead to the compromise of the system. An example is an access control system based on a token and a password, as illustrated in Figure 10-12. A password might become known, but it is useless without the token. Conversely, if the token is stolen, the thief cannot use it without the password.
Figure 10-12 Strong Authentication with a Token
A token can be a physical device or software application that generates a one-time authentication password or number. An example of a token is a keychain-sized device that shows—one at a time in a predefined order—a one-time password (OTP) on its small LCD, for approximately one minute. The token is synchronized with a token server that has the same predefined list of passwords for that user. At any given time, the user has only one valid password.
For example, this technology could be used by an organization that needs to deploy remote-access services to its network over the Internet. The organization has implemented remote-access VPN technology and requires proper user authentication before users enter the protected network. The organization has had poor experiences enforcing password updates and wants to deploy a very secure, yet simple, system. Using OTP generators for remote users could be the ideal solution because they are secure and simple to use.
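The server-side check for the token-plus-password scheme described above can be sketched as follows. This is an added example, not code from the original text: it derives each one-minute code from a shared seed with the HOTP construction (RFC 4226) over a time counter, as RFC 6238 does, in place of a stored predefined list, and the names `TokenServer`, `STEP`, `otp_at` and `hash_password` are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 60  # seconds per code, matching the roughly one-minute display described above

def otp_at(seed: bytes, counter: int, digits: int = 6) -> str:
    """HOTP value (RFC 4226) for one time-step counter."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class TokenServer:
    """Hypothetical token server: holds each user's password hash and token seed."""

    def __init__(self):
        self.users = {}

    def enroll(self, name: str, password: str, seed: bytes, salt: bytes) -> None:
        self.users[name] = {"salt": salt, "pw": hash_password(password, salt),
                            "seed": seed, "last": -1}

    def authenticate(self, name, password, otp, now, drift_steps=1) -> bool:
        user = self.users.get(name)
        if user is None:
            return False
        # Factor 1: something the user knows.
        pw_ok = hmac.compare_digest(hash_password(password, user["salt"]), user["pw"])
        # Factor 2: something the user has. Accept a small clock drift, but never
        # a counter at or below the last one used, so each code works only once.
        current = int(now) // STEP
        matched = None
        for counter in range(max(0, current - drift_steps), current + drift_steps + 1):
            if counter > user["last"] and hmac.compare_digest(
                    otp_at(user["seed"], counter).encode(), str(otp).encode()):
                matched = counter
                break
        if pw_ok and matched is not None:
            user["last"] = matched  # burn the code so a replay is rejected
            return True
        return False
```

Access is granted only when both factors pass in the same attempt, and a failed attempt does not consume the current code.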