What Is Two Factor Authentication and How Does It Work?

There can be some confusion over exactly what two factor authentication (2FA) is and how it operates. First, 2FA combines something your users own, along with something your users know. Something your users own is their digital certificate required for completing 2FA processes. Something your users know could be their user name and password, a pin number, or a biometric scan of their finger print. In a typical 2FA system set up, your users are first asked to supply their digital certificate before they are prompted to supply the information they know. 2FA is frequently confused with systems that prompt users to create and enter answers to different questions. While this system does provide for an increased security for users, it is not a 2FA system. In fact, using challenge type questions does not even meet regulatory compliance in the United States as an accepted multi-factor authentication system.

Decide Where to Store Two Factor Authentication Digital Certificates

One consideration organizations have to make and determine is where they want to store digital certificates created for two factor authentication (2FA) processes. The level and amount of security required in different work locations within a facility is often used to help make this decision. In lower level security areas where employees all have their own individual computers or workstations, 2FA digital certificates could be installed locally, directly on the computers’ hard drives. In mid-level and high level security locations, it is more beneficial for organizations to place 2FA digital certificates onto a portable RSA token device, such as a USB jump drive or embedded onto a magnetic strip on a smart card or employee ID card. This type of scenario is also acceptable for situations where employees share computers and workstations, or operations that run multiple shifts.