2. Abstract
Today’s widespread use of single factor authentication is in the midst of change. Both corporate and personal assets are at risk from people trying to impersonate users and steal money and information. Single factor authentication methods such as the username/password combination are no longer sufficient.
Two factor authentication provides a significant increase in security.
Unsecured passwords will no longer give hackers enough information to breach security. PINs or passwords are to be used in conjunction with tokens, smart cards or even biometrics. The combination of these two factors will provide a secure system overall.
3. Single Factor Authentication (SFA)
• SFA is a process for securing access to a given system, such as a network or website, that identifies the party requesting access through only one category of credentials.
• The most common example of SFA is the username/password combination.
• The single factor in this case is something you know: the password.
• Most business networks and most internet sites use a basic username/password combination to allow access to secured or private resources.
4. Problems With SFA
• On SFA sites, knowing the first part, the username, gives the potential hacker/thief 50% of the information required to gain access to vital information.
• A hacker who knows the correct username can then use specifically designed software to try to guess the password.
• With the current speed of CPUs, even brute force attacks are probable.
• Most people tend to use the same password everywhere, so if a hacker obtains it once, he probably has access to all your data.
• Keystroke logging, phishing, dictionary attacks, etc.
6. Two Factor Authentication (2FA)
• 2FA provides a significant increase in security over SFA.
• The two factors of 2FA are something you know + something you have.
• The additional factor “something you have” is the key factor. It can be tokens, smart cards or biometrics.
8. 2FA Tokens
One Time Password (OTP) is a second layer of security to verify your identity.
Types of OTP
• Software OTP: An OTP generated by the company and sent to your mobile phone or PC.
• Hardware OTP: An OTP generated by a security device/token. You press the button on the device/token to obtain the OTP.
• Event Based OTP: Here the moving factor is triggered by an event.
• Time Based OTP: Here the moving factor is time.
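The event-based and time-based types above differ only in the moving factor. As an added example (not part of the original slides), the Python code below assumes the standard HOTP (RFC 4226) and TOTP (RFC 6238) algorithms, which the slides do not name; the secret is the RFCs' published test value and the function names are illustrative.

```python
import hashlib
import hmac
import struct

# Shared secret from the RFC 4226 test vectors (sample value, not for real use).
SECRET = b"12345678901234567890"

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Event-based OTP: the moving factor is a counter (RFC 4226)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks 4 bytes
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-based OTP: the moving factor is the elapsed time step (RFC 6238)."""
    return hotp(secret, unix_time // step, digits)

def verify_totp(secret, submitted, unix_time, step=30, drift_steps=1):
    """Accept the current time step and its neighbours to tolerate clock drift."""
    current = unix_time // step
    ok = False
    for c in range(max(0, current - drift_steps), current + drift_steps + 1):
        # compare_digest avoids leaking how many digits matched via timing
        ok |= hmac.compare_digest(hotp(secret, c).encode(), submitted.encode())
    return ok

def verify_hotp(secret, submitted, server_counter, look_ahead=3):
    """Return the new server counter on success, else None.

    The look-ahead window covers button presses that never reached the server.
    """
    for c in range(server_counter, server_counter + look_ahead + 1):
        if hmac.compare_digest(hotp(secret, c).encode(), submitted.encode()):
            return c + 1  # moving past c makes the accepted code single-use
    return None

if __name__ == "__main__":
    print("event-based, counter 0:", hotp(SECRET, 0))
    print("time-based, t=59s     :", totp(SECRET, 59))
    print("token two presses ahead ->", verify_hotp(SECRET, hotp(SECRET, 2), 0))
```

A server using the time-based variant should also remember the last accepted time step so a code cannot be replayed within its window, and should limit the number of guesses per account.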
9. Smart Cards
A smart card is used in combination with a smart card reader.
The user inserts the card, and either the card sends an encrypted message to the website or the reader displays a unique code that the user enters.
10. Biometric
It uses biological aspects of the end user, such as fingerprints, iris s
Other methods include e-signature or keystroke dynamics that not
the final signature but also how the signature was written.
11. Pros & Cons of 2FA
Cons
• It is slow and cumbersome.
• Users have to have their “something you have” all the time.
• Physical factors if lost can be an overhead for criminals.
Pros
• It is secure. Really secure.
• Helps to protect sensitive data and prevent it from falling into the hands of cyber criminals.