Two-Factor Authentication

Two-factor authentication (or 2FA) uses two steps to confirm a user’s claimed identity: something they know (like a password) and something they have or something they are (such as a security token).

The problem with 2FA today

Many systems currently rely on SMS as a second factor for out-of-band authentication. This approach involves the sending of a short code to the user’s mobile number. The National Institute of Standards and Technology (NIST) is now recommending against the use of SMS for 2FA due to spoofing concerns. Alternative two-factor techniques require certificates on devices – forcing the user to have the device in hand.

For lost credentials, many systems rely on Knowledged-based Authentication. Users must provide information that only they would likely know. One problem is that this information is sometimes forgotten or unclear to the user. A bigger problem is that much of this knowledge is easily available to fraudsters on public sources.

The benefits of Biometrics for two-factor authentication

Biometrics enables a second factor of authentication that is not only independent of a user’s device, but also immediate. In the case of device or application login behavioral biometrics and/or facial recognition can be combined with a standard login and password to provide two-factor authentication with zero added friction.

Strengthen authentication and reduce fraud
Reduce friction in the user experience
Eliminate the expense of token-based and one time password (OTP) systems
Works across desktops and mobile devices

IDSquared™ by ID R&D

IDSquared combines facial recogntiion and behavioral biometrics to turn a standard login and password into a two-factor authentication without introducing any extra effort for the user.