What is two-factor authentication?


There are a variety of technologies and methodologies financial institutions can use to authenticate customers. These methods include the use of customer passwords, personal identification numbers (PINs), digital certificates using a public key infrastructure (PKI), physical devices such as smart cards, one-time passwords (OTPs), USB plug-ins or other types of “tokens”, transaction profile scripts, biometric identification, and others. The level of risk protection afforded by each of these techniques varies. The selection and use of authentication technologies and methods should depend upon the results of the financial institution’s risk assessment process.


Existing authentication methodologies involve three basic “factors”:

• Something the user knows (e.g., password, PIN);
• Something the user has (e.g., ATM card, smart card); and
• Something the user is (e.g., biometric characteristic, such as a fingerprint).

Authentication methods that depend on more than one factor are more difficult to compromise than single-factor methods. Accordingly, properly designed and implemented multifactor authentication methods are more reliable and stronger fraud deterrents. For example, the use of a user name and password is single-factor authentication (i.e., something the user knows), whereas a PIN-SECURE transaction provides multifactor (two-factor) authentication: something the user possesses (i.e., the PIN-SECURE secure entry software and the independent secure networks, one being SSL and the other being the PIN-SECURE secure network) combined with something the user knows (i.e., User ID, password and PIN).


Example: PIN-SECURE providing Quad Factor Authentication

• Something the user knows (e.g., password, PIN):
      [Factor One] [User ID and Password]
      [Factor Three] [PIN]
• Something the user has (e.g., ATM card, smart card):
      [Factor Two] [Secure PIN pad software]
      [Factor Four] [Two secure networks]


By Glenn Gearhart, CEO, ACAP Security Inc., a provider of higher-level security solutions to the financial industry. glenn@acapsecurity.com


White Paper: 021506 ACAP Security Inc.

Copyright 2005. ACAP Security Inc. All rights reserved.