Two Factor Authentication

What is Two Factor Authentication?

In addition to the normal authentication process typically requiring a username and password (a single factor), the user has to provide a further physical proof to confirm their identity. The combination of two different methods is known as two or multi factor authentication (2FA for short).

There are three possible factors that can be used. Note that using two instances of the same factor is NOT two factor authentication; it is often called two step authentication and offers a much lower level of security.

The three factors are as follows:

  • Something you know (e.g. password or PIN)
  • Something you have (e.g. mobile phone, debit card or hardware token)
  • Something you are (e.g. biometrics, a fingerprint, DNA sample or retina scan)

Data Breaches and Hackers On the Rise

Banking systems have been using two factor authentication for years via the Chip and PIN mechanism. The debit or credit card represents the physical factor and the PIN the memorable factor. With data breaches increasing in size and severity, relying on a password alone simply isn't good enough for any site holding sensitive information, especially as passwords are often shared across multiple websites and applications in defiance of best practice.

Enable An Extra Layer of Security

VerIDial provides two factor authentication by utilising mobile phones and landlines. A one-time PIN is sent to a phone to be entered into the website being protected. This proves the person authenticating is in possession of the phone the PIN was sent to, at the time the PIN was sent.

VerIDial supports multiple ways of delivering the PIN: through the smartphone app available for iPhone and Android, by text message to any mobile phone, or by an automated phone call to a mobile or landline.

VerIDial provides websites with an added level of security to help prevent fraud and combat identity theft as well as protect against possible data loss.
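
The one-time PIN check described above only proves possession "at the time the PIN was sent" if the website enforces expiry, single use and a guess limit. The following is an added example, not VerIDial's code or API: the class name, the 120 second validity window and the 3 attempt limit are assumptions, and delivery to the phone is left to the caller.

```python
import hashlib
import hmac
import secrets
import time

PIN_TTL_SECONDS = 120   # assumed validity window, not a VerIDial value
MAX_ATTEMPTS = 3        # assumed guess limit per issued PIN


class OneTimePinStore:
    """In-memory store of pending PINs, keyed by login session id (hypothetical)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._key = secrets.token_bytes(32)   # per-process HMAC key
        self._pending = {}                    # session_id -> [digest, expiry, attempts_left]

    def _digest(self, session_id, pin):
        # Bind the PIN to the session so it cannot be replayed in another login.
        msg = f"{session_id}:{pin}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, session_id):
        """Create a fresh 6-digit PIN; the caller sends it to the user's phone."""
        pin = f"{secrets.randbelow(10**6):06d}"
        expiry = self._clock() + PIN_TTL_SECONDS
        # Issuing again replaces any earlier PIN for this session.
        self._pending[session_id] = [self._digest(session_id, pin), expiry, MAX_ATTEMPTS]
        return pin

    def verify(self, session_id, submitted):
        """Return True exactly once for the correct, unexpired PIN."""
        entry = self._pending.get(session_id)
        if entry is None:
            return False
        if self._clock() > entry[1]:
            del self._pending[session_id]     # too late: possession is no longer proven
            return False
        entry[2] -= 1                         # count this guess before comparing
        if hmac.compare_digest(entry[0], self._digest(session_id, submitted)):
            del self._pending[session_id]     # single use
            return True
        if entry[2] == 0:
            del self._pending[session_id]     # guesses exhausted, a new PIN is required
        return False
```

Only a keyed digest of the PIN is held server-side, and the comparison is constant-time, so neither a memory dump nor response timing reveals a pending PIN.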

Achieve Compliance, Protect Against Data Loss

Use VerIDial to help achieve compliance with the UK's Cyber Essentials, Information Assurance for Small to Medium-sized Enterprises, International ISO 27000 series or similar information security standards.

For websites taking card payment information, using VerIDial can help meet the authentication requirement in the Payment Card Industry's PCI DSS standard for protecting sensitive card data. The latest versions (3.0 and 3.1) require all backend systems with direct access to card information to be protected by two factor authentication.