IBM Verify


Importance of protecting enterprise systems with Two Factor Authentications

By TAHMINA AHMED posted Fri October 25, 2019 01:49 PM

  
What is Two Factor Authentication?

Two-factor authentication requires two ways of proving one's identity. It is a mechanism for confirming a user's identity by using a combination of two different factors:
Something they know: a password, PIN, zip code or answer to a question (mother's maiden name, name of pet, and so on)
Something they have: a phone, credit card or fob
or
Something they are: a biometric such as a fingerprint, retina, face or voice

We use two-factor authentication in everyday life, sometimes without even realizing it. Using a debit card with a PIN code, or the bank asking to see a driver's license when one writes a check: each is a form of two-factor authentication. Proving one's identity in more than one way adds a layer of security.


Why Single Factor Authentication is not Enough and Two Factor Authentication is Needed for your Enterprise System?

The Identity Dilemma (Who is Accessing a Resource?):

If someone can steal, guess or otherwise obtain your password and use it to access a resource, single-factor
authentication has no mechanism to verify who is actually accessing it.

Password-based authentication is getting easier to break day by day:

Passwords can be stolen, guessed or bypassed. The processing power available for cracking passwords is
increasing day by day. Although it's hard to beat the humble password when it comes to cheap, fast and
convenient verification, it is not always a secure solution.

Something people know can be easily guessed:

Answers to some security questions can be easily guessed or looked up, such as mother's maiden name,
name of pet, father's middle name, or the city where you were born.

A cached password on a stolen / compromised device will give the hacker access to secure sites:

If a device is stolen or compromised, passwords cached by a remember-password feature will give the
hacker access to secure sites.

How does the second factor work?

After entering the first authentication factor, in most cases the password, one needs to enter the second
factor, which can be a time-sensitive token (a numerical code) generated on one's key fob, delivered by SMS, or
provided through an authentication app such as Duo Mobile. A two-factor authentication code is time sensitive;
it expires after some time and a new code will be sent.

Will Two-Factor Authentication Promise Absolute Security?

No security product can claim to offer perfect, foolproof protection and absolute security. However, when we
combine more than one factor in the authentication step, accounts become harder to get into and less
attractive targets.

Two-factor authentication prevents a large portion of hackers from targeting one's account because they'll need more than just one's password. In addition to someone's password, a hacker would also need to have the account owner's phone, or gain access to the tokens placed on that phone by the authentication mechanism, via a phishing attack, malware, or activating account recovery, where he needs to reset the password and disable two-factor authentication. That's extra work.

Comments

Wed October 30, 2019 07:01 PM

I feel like Two-Factor is an absolute necessity for everything relating to sensitive data these days and especially enterprise systems. I think it should be required and not an option. Also, SMS shouldn't even be an option with how easy the telecoms are allowing phone porting.