two-factor authentication
Two-factor authentication is a security process in which the user provides two means of identification, one of which is typically a physical token, such as a card, and the other of which is typically something memorized, such as a security code. In this context, the two factors involved are sometimes spoken of as
something you have and
something you know. A common example of two-factor
authentication is a bank card: the card itself is the physical item and the personal identification number (
PIN) is the data
that goes with it.
According to proponents, two-factor authentication could drastically reduce the incidence of online identity theft, phishing expeditions, and other online fraud, because the victim's password would no longer be enough to give a thief access to their information. Opponents argue (among other things) that, should a thief have access to your computer, he can boot up in safe mode, bypass the physical authentication processes, scan your system for all passwords and enter the data manually, thus -- at least in this situation -- making two-factor authentication no more secure than the use of a password alone.
Some security procedures now require three-factor authentication, which involves possession of a physical token and a password, used in conjunction with biometric data, such as fingerscanning or a voiceprint.
This was last updated in July 2004
Dig Deeper
-
Adobe Reader X uses Microsoft's sandboxing technology to block potentially dangerous processes from executing beyond the confines of the software.
-
Microsoft repaired four vulnerabilities in its Forefront Unified Access Gateway and a critical flaw in Microsoft Office.
-
Download the entire October 2010 issue of Information Security magazine here in PDF format.
-
People who read this also read...
-
Resources from around the Web