Replace User Name and Password with Two-Factor Authentication
Two-factor authentication, also known as 2FA, typically replaces a user name and password login process as a stronger method of protecting access to PCs and laptops and introducing stronger authentication before allowing access to critical business data and software applications.
To enforce two-factor authentication, you must have a digital certificate. In most cases, the certificate must be an identity-based certificate; however, there are some applications where a certificate issued to your email address might be allowable. Identity-based means that the identity of the individual must be validated by an accredited Certification Authority (CA) before the certificate can be issued to the individual.
Is defined as using something that you have in combination with something that you know in order gain physical or logical access to something. When using identity-based digital certificates for two-factor authentication, the certificate is stored on a hardware device (i.e., smart card or USB token), which is password protected.
Factor One (1): The first factor is the hardware password that only you should know. This password is used to access the certificate that is stored on your hardware device.
Factor Two (2): The second factor is your digital certificate that is stored on hardware and which only you should have possession.
When used in combination, two-factor authentication is achieved.
Use cases for two-factor authentication
Various government agencies also require identity-based, two-factor authentication in order to access secure government agency websites and/or to fulfill government regulations for initiating transactions, such as DEA-compliant Electronic Prescriptions for Controlled Substances (EPCS).
IdenTrust offers a combination of products and services to support deployment of two-factor authentication.