Two-factor authentication is defined as “a security process in which the user provides two means of identification, one of which is a physical token, such as a card and the other is typically something that is memorized, such as a security code”.
To illustrate, a two-factor authentication can be an ATM card as your physical token and your PIN number.
Usage of the two-factor identification reduces the occurrence of phishing, similar online fraud and online identity theft. Generally it protects and secures your personal information.
The security token is used to prove your identity electronically and can be used in addition to or take the place of a password. There are several types of tokens that use the two-factor authentication.
- The physical token like a card may store cryptographic keys such as a digital signature, or a biometric data like a fingerprint. Some have keypads where you can enter a pin number, like when you swipe your bank card when paying for purchases and you need to enter your PIN number. Others are designed like a USB connector or Bluetooth wireless interface to enable the transfer of a key number sequence to another system.
- A disconnected token requires no physical device to be connected to the client computer, such as a password-protected PC, a password protected software or such common tools you use like logging in to your email accounts, blogging accounts, Facebook, Friendster, Multiply and other secure websites, to name a few, where you are granted access provided you have the right password.
- A connected token requires a physical object to be connected to the client computer like a USB token or a smart card (an encrypted ID, cash cards) where you have to open a router port, which needs a USB port and a smart card reader, respectively.
- Bluetooth is also a security token, and can be combined with a USB token. It is built-in in some high-end mobile phone models and well as in new laptops and notebooks. The authentication works in closer distances. A Bluetooth USB input device can also be inserted to a USB port in your PC to transfer and receive data from your mobile phone.
- Two-factor authentication is also used in GSM cellular phones. Certain models allow users to utilize their mobile phone as a security token with a Java application installed and configured properly. SMS messaging, WAP and HTTP services are also using the two-factor authentication for users to access the service.
- Verisign has several types of tokens. PayPal and eBay have a custom-branded version of the One Time Password Token developed by Verisign. It serves as an extra layer of authentication when customers log in to their sites.
The developments in information technology are rapid. E-commerce is becoming a norm for global reach. The speed in which bulk information travels over the Internet is counted in milliseconds. This makes it vulnerable and subject to hackers and other online attackers. The two-factor authentication is one of the ways to safeguard your identity, your business and your data from online theft. And it is used in several applications where you need to provide proof of identity other than the plain old identification card.