As opposed to single-factor-authentication (SFA), where the user specifies only one factor – typically a password or passcode (= knowledge factor), 2FA methods require a password and a second factor, usually either a security token or a biometric factor, such as a fingerprint or a facial scan. This makes it much more difficult for attackers to gain access to accounts via a database of stolen passwords or phishing campaigns.
Independent credentials turn the tide
The second of two authentication factors include either a possession factor or an inherence factor. The possession factor is something owned by the user, such as a security token, a mobile phone or a smartphone app that is taken to approve authentication requests. The inherence factor is also known as biometric factor, which is something inherent in the user’s physical appearance, fingerprints, facial or voice recognition, keystroke dynamics, gait or speech patterns. Sometimes, systems need greater security by multifactor authentication (MFA) that rely on two or more independent credentials such as location factor (tracking the geographic location of an authentication attempt via IP address or GPS data) and/or time factor (restricted access via authentication during a specific time frame).