Use TrustID® certificates for two-factor authentication to access computers and certificate-enabled software applications

It is important to know how two-factor authentication works and how you can use digital certificates to replace traditional user name and password methodology to control access to hardware and certificate-enabled software applications and web servers.

Two-factor authentication, also known as 2FA, typically replaces a user name and password login process as a stronger method of protecting access to PCs and laptops, and of authenticating users before allowing access to critical business data and software applications.

Identity-based certificate:  In order to enforce two-factor authentication, the digital certificate that is used must be an identity-based certificate.  This means that the identity of the individual must be vetted by an accredited Certification Authority (CA) before the certificate can be issued to the applicant.

Two-factor authentication:  This is defined as using something that you have in combination with something that you know in order to gain physical or logical access to something. When using identity-based digital certificates for two-factor authentication, the certificate is stored in a hardware device (i.e., smart card or USB token), which is password protected.

Factor One (1): The first factor is the hardware password that only you should know. This password is used to access the certificate that is stored on your hardware device.

Factor Two (2): The second factor is the hardware that stores your certificate, which only you should have in your possession.

When used in combination, two-factor authentication is achieved.

Use cases for two-factor authentication: Various government agencies also require two-factor authentication in order to access secure government agency websites and/or to fulfill government regulations for initiating transactions, such as DEA-compliant Electronic Prescriptions for Controlled Substances (EPCS).

IdenTrust offers a combination of products and services to support deployment of two-factor authentication. Learn more about Two-Factor Authentication.

TrustID® Secure Email (S/MIME) Certificates

TrustID Secure Email Certificates: This low-cost certificate is an excellent option if you only need to have your email address validated by the recipients of your email communications.  This certificate type does not confirm your identity; rather, it confirms that you have access to and control over the email address/account that is associated with the approved certificate.  These certificates are often referred to as S/MIME certificates.

  • Authenticate your email address
  • Are used to digitally sign and encrypt email communications
  • Can be stored in your PC browser for use on a single PC or on a smart card or USB token for greater security and use on multiple PCs
  • Rely on a fully automated application process with expedited approval, following your confirmation of your email address
  • Are available to applicants from most countries
  • Are valid for one (1) year 

TrustID® Personal Certificates

TrustID Personal Certificates: This moderately priced certificate is perfect for applicants who wish to be able to provide proof of identity, and can be used for various digital transactions, including securing email communications via digital signing and/or encryption.  Recipients of emails digitally signed with a TrustID personal certificate can be assured that the email was initiated by you and has not been intercepted by a fraudster.

  • Authenticate the certificate holder as the individual to which the certificate has been issued
  • Are used to digitally sign and encrypt email communications
  • Can be stored in your PC browser for use on a single PC or on a smart card or USB token for greater security and use on multiple PCs
  • Rely on automated validation of the applicant’s provided information with activation materials returned via U.S. mail to the validated address of the applicant
  • Are available to enterprise customers and U.S. and Canadian applicants
  • Are valid for one (1) year

TrustID® Business Certificates

TrustID Business Certificates: This moderately priced certificate is offered to individuals who wish to provide proof of identity, as well as affiliation with the business entity with which they are associated. These certificates can be used for various business purposes, including securing email communications via digital signing and/or encryption.  Recipients of emails digitally signed with a TrustID business certificate can be assured that the email was initiated by you, as a representative of your affiliated business entity, and has not been intercepted by a fraudster.

  • Authenticate the certificate holder as the individual to which the certificate has been issued, as well as his or her affiliation with the business entity named in the certificate
  • Are used to digitally sign and encrypt email communications
  • Authenticate you as an individual who is affiliated with an identified business or other organization
  • Can be stored in your PC browser for use on a single PC or on a smart card or USB token for greater security and use on multiple PCs
  • Are available to enterprise customers and U.S. and Canadian applicants
  • Are valid for one (1), two (2) or three (3) years based on user selection

Please note that TrustID business certificates require that the certificate applicant provide notarized business forms to ensure that he or she is eligible to represent the affiliated business entity.  Validation of applicant-provided information is automated, and a manual review of the business form is required before a certificate can be approved.  Activation materials are returned via U.S. mail to the validated address of the applicant.

Use our Certificate Selection Wizard to assist with your purchase of a publicly trusted TrustID certificate.