2-factor authentication

What is a two-factor authentication?  How would I use it and from what software are needed?
Jay SmithAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Russ SuterSenior Software DeveloperCommented:
Authentication methods can be broken down into 3 basic categories.
What you know
This is the most common form of authentication. It's a password or the answer to a security question or, in the case of captcha it can be the answer to a simple riddle.
What you have
This is typically used as the 2nd factor in a two factor authentication method. Early methods involved a little pocket device with 6 pseudo random digits displayed that change every 30 or 60 seconds. The authenticator would ask you for what 6 digits are currently being displayed. The theory was that it was highly unlikely that you could guess the correct 6 digits or that another device would happen to be showing the same digits at the same time. Nowadays it's much more common to use a cell phone by either sending a code via SMS or using some sort of app with a push notification option.
What you are
This is things like fingerprints, voice prints, retinal scans, etc. It's pretty hard to use this authentication method for online services. This method is typically used in places where physical access is required, like going through a locked door into a secure area.

There are many implementations of two factor authentication. The first factor is usually the common username/password combination. Once that is validated then the 2nd factor is employed. Exactly how you implement this is widely variable and can be customized to your own needs. LastPass, Google, Microsoft, and many others have 2FA systems but if you want something that's easy to digest, free to try, and pretty straightforward to implement, I'd suggest looking at https://duo.com/.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Tiborg GuaranaIT beginsCommented:
Well said from gentleman above, here are some more ideas for option where you can use it, and how.


Keep in mind that you need to save (qr) code for where you import you 2factor authentication in case you lose, reset your phone, laptop, pc etc. as you can have big problems in other case.
What is a two-factor authentication?
Russ answered this, so no point in repeating. The idea is that you use two of the criteria mentioned to log into a system.

How would I use it and from what software are needed?
You need to define your requirements before anyone can answer this. A token is a common second factor that gets used, which is where technologies like Duo, Okta, RSA or RSA SecureID come into play. If you were going the biometric route, you'd utilize a totally different set of technologies.
2 Factor Authentication is used to give more security.  It's very necessary for the general public that use very weak passwords (the first factor) that can be easily brute forced.  For most people the 2nd factor is a phone (SMS text - not very secure) or a phone App (DUO, Googel Authenticator, Quiktok, etc...).  Some computers have Biometric scanners, but that's generally used as a replacement for a password instead of an actual 3rd factor, so I don't generally count that as one of the factors, although it technically could be used a 3rd factor.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.