Dear All,
Two Factor authentication
Authentication is generally required to access secure data or enter a secure area like a website or a financial trading account. The person requiring access or entry shall authenticate himself after keying in or otherwise stating his openly known identity based on proving authentically her or his identity additionally by means of
§ what the requestor individually knows as a secret, such as a password or a Personal Identification Number (PIN), or
§ what the requesting owner uniquely has, such as a passport, physical token, or an ID-card, or
§ what the requesting bearer individually is, such as biometric data, like a fingerprint
Two-factor authentication (TFA) means using any independent two of these authentication methods (e.g. password + value from physical token) to increase the assurance that the bearer has been authorized to access secure systems. Usually the username is openly known and hence not understood as a secure information. However, when combined with any of the other factors, serves as a strong access control mechanism.
Two-factor authentication means that instead of using only one type of authentication factor, such as only things a user knows (login IDs, passwords, secret images, shared secrets, solicited personal information, etc), a second factor, something the user has or something the user is, must be supplied in order to authenticate.
Two-factor authentication is not a new concept. Two-factor authentication is used every time a bank customer visits the ATM. One authentication factor is the physical ATM card the customer slides into the machine. The second factor is the PIN they enter. Without either of these, authentication cannot take place. This scenario illustrates the basic parts of most multi-factor authentication systems; the "something you have" + "something you know" concept. Now-a-days, some banks have started providing Three factor authentication i.e. in addition to the account no. and password, a physical token that displays random numbers each time, which serves as an added authentication. RBI has also mandated
For further information refer
Regards,
CA Rahul Joglekar
Partner
Gokhale & Sathe
Chartered Accountants
As compared to other type of authentication scheme two factor authentication is the most powerful and popular way used in high level security applications. I will surely refer to the posted link to learn more about this process.
ReplyDeleteelectronic signature software