What is Two-Factor Authentication?

Two-factor authentication (2FA) is one of the most important ways to protect our digital assets today. In brief, two-factor authentication is a process that requires two of the three authentication factors:

1) Something you know (a password, a security question, etc)

2) Something you have (a token, a debit or credit card, a RFID chip, cell phone application, etc)

3) Something you are (fingerprint, iris scan, face scan, voice recognition, etc)

Most people associate two-factor authentication only with computer access; but while you may not realize it,  you already use 2FA in your daily life, as when you use your debit or credit card at an ATM or point-of-sale terminal:  first you swipe your card (something you have), then you enter your pin or zip code (something you know) or provide a signature (something you are).

Many of today's on-line authentication systems still use one-factor, or single-factor, authentication. That single factor is a password.  If hackers discover your password, they instantly gain access to your account.  Using 2FA adds an extra step or layer of protection.  While it may take a bit more time or effort, the time and effort spent using 2FA is well worth it as it is much more secure than one-factor authentication.  Some of the time and effort can be reduced in an environment like UT, where it is often used in conjunction with single sign-on (SSO) systems like Active Directory or UT Login, so that users don't have to authenticate for each system or application they need to access.  With single sign-on, once you have authenticated to one system or application, you are authenticated to all other systems or applications sharing that same SSO system.  This gives users the additional security that 2FA affords without repetition of the process.

Written by Eric Rostetter, Senior System Administrator
Questions or comments? The best and easiest way to contact us is via the CNS Help Desk form.

See also: Security, Toopher