Two Factor Authentication (2FA)
Internet Security. Use of two or more means of user identification to grant access to a system. This method of authentication is also known as multi-factor authentication (MFA), two-step verification (TFA).
Authentication factors have three dimensions:
- Retention: knowledge, something you know, possession, something you have, or inherent, something you are.
- Format: hardware (physical device), software (code), and wetware (mental construct)
- Proximity: connected to an authenticating device or disconnected from an authenticating device
| Factor | Retention | Format | Proximity |
|---|---|---|---|
| Authentication mobile app | Possession | Software | Disconnected |
| Card Verification Code (CVC) | Possession | Hardware | Disconnected |
| Facial recognition | Inherent | Software | Connected |
| FIDO2 USB key | Possession | Hardware | Connected |
| Fingerprint | Inherent | Hardware | Connected |
| Generated prompted question | Knowledge | Wetware | Connected |
| NFC smart card | Possession | Hardware | Disconnected |
| Oauth | Software | Disconnected | |
| One-Time Password (OTP) token | Possession | Hardware | Disconnected |
| Password | Knowledge | Wetware | Disconnected |
| PIN | Knowledge | Wetware | Disconnected |
| Predetermined prompted question | Knowledge | Wetware | Disconnected |
| Time-based One-Time Password (TOTP) over SMS | Possession | Software | Disconnected |
| Voice recognition | Inherent | Software | Connected |
Two-factor authentication uses two or more of these factors.