
Advanced Authentication

Advanced authentication is often referred to as two-factor authentication. Two-factor authentication (TFA, T-FA or 2FA) is an approach to authentication which requires the presentation of two or more of the three authentication factors: a knowledge factor ("something the user knows"), a possession factor ("something the user has"), and an inherence factor ("something the user is").

Background

Two-factor authentication is commonly found in electronic computer authentication, where basic authentication is the process of a requesting entity presenting some evidence of its identity to a second entity. Two-factor authentication seeks to decrease the probability that the requestor is presenting false evidence of its identity. The number of factors is important, as it implies a higher probability that the bearer of the identity evidence indeed holds that identity in another realm (e.g., computer system vs. real life). In reality, there are more variables to consider when establishing the relative assurance of truthfulness in an identity assertion than simply how many "factors" are used.

Knowledge factors: "something the user knows"

Password - A password is a secret word or string of characters that is used for user authentication. This is the most commonly used mechanism of authentication. Many two-factor authentication techniques rely on a password as one factor of authentication.

PIN - A personal identification number (PIN) is a secret numeric password, typically used in ATMs.

Possession factors: "something the user has"

Token - Several types of pocket-sized authentication tokens are available that display a changing passcode on an LCD or e-ink display. The passcode must be typed in at an authentication screen, which avoids the need for an electronic connection. The number is derived from the shared secret by a cryptographic process which makes it infeasible to work out the secret from the sequence of numbers. Essentially, the secret is hashed or otherwise cryptographically combined with a challenge, and the result is displayed. The same process repeated on the authentication server will yield the same result if the correct secret was used.

Smart cards - Smart cards are the same size as a credit card. Some vendors offer smart cards that serve both as a proximity-card physical access device and as a means of network authentication. Users can authenticate into the building via proximity detection and then insert the card into their PC to produce network logon credentials.

Soft tokens - The functionality of any disconnected token can be emulated as a "soft token" on a PC or smartphone using deployed software, whereupon that device itself becomes the possession factor. This saves on deployment costs, but against that, the secret is vulnerable to any attacker or malware that can gain full access to the device. The Zeus Trojan, which can now infect mobile devices running Android or BlackBerry OS, specifically targets banking credentials and may forward them to the attacker at a website set up for the purpose, or by SMS messaging.


Copyright © International Academy of Science. All Rights Reserved.