What is two-factor authentication?
There are various ways to confirm the identity of a person who wants to log in to your system online. These can be broken down into four authentication factors:
- Something you know (like a password)
- Something you are (biometrics like a fingerprint)
- Something you have (like a token or bank card)
- Your location
The more of these factors you apply, the more certain you are of the person’s identity. Depending on the number of factors you use, this is called two-factor authentication (2FA) or multi-factor authentication (MFA). While this level of assurance may sound great, the customer experience tends to suffer if you overuse authentication factors or employ them in an inappropriate way. In short: finding the right authentication process is a balancing act.
What are the benefits of 2FA?
Regular headlines about cybercrime and personal data leaks have made people cautious about the security of their online accounts. They are becoming aware that a username-password login can be hacked relatively easily, and as a consequence they have become more discerning about the companies they share their data with. By offering two-factor authentication you will not only provide a higher level of security, but also put your customers’ minds at ease and build a relationship of trust. But beware: the authentication process must never feel laborious, or customers will disengage. Luckily, mobile devices offer a very user-friendly solution – their built-in biometric and location facilities can help you create a frictionless experience.
Examples of two-factor authentication
Tokens are a very popular second-factor authentication method. They come in different forms:
- A lot of businesses use text messages to send tokens. Yahoo Mail, Facebook, and certain banks will send you an automated text message with a code to access your account. However, depending on the transaction volume, this can be a costly option.
- Others use apps, such as Google Authenticator, to deliver a push notification. All your customer needs for this is a compatible phone, and they likely have one: 80% of all online adults own a smartphone.
- Tokens can also be generated by a physical piece of hardware. This method was widely used by large corporations for employee logins and by banks for customer logins. However, the person must always carry a hardware token around, which proved too much of an obstacle. Unsurprisingly, this method is slowly being phased out.
- In the past, companies also used token lists: paper lists of codes. This method had the same drawbacks as hardware tokens and is no longer common practice.
Other authentication methods include biometric factors, available in high-end mobile devices, and QR codes scanned by the camera on a mobile device – both very user-friendly options. WhatsApp is a good example of the power of QR codes: scanning a QR code in the app will give you access to your chats and data on another device through their web service.
Want to find out more about how each of these second-factor authentication methods works? Our expert Mathijs Brand has written an entire blog about it.
2FA in Onegini Identity Cloud
Onegini Identity Cloud is equipped with a strong authentication feature that can be fully customized to your business needs. You can build in as many factors and layers as you need, and our experienced team will help you create the right authentication process for your purposes and your target audience. By combining and integrating various factors, we make sure that customers are often not even aware they have gone through multi-factor authentication. That way you can offer your customers banking-grade security and a frictionless user experience.
Get started with two-factor authentication
Want to strengthen your security and improve your customer experience in one fell swoop? We are happy to talk to you about your options. Get in touch with us today for a no-strings consultation!