Replace User Name and Password with Two-Factor Authentication
Two-factor authentication, also known as 2FA, typically replaces a user name and password login process as a stronger method of protecting access to PCs and laptops and introducing stronger authentication before allowing access to critical business data and software applications.
Digital certificate
To enforce two-factor authentication, you must have a digital certificate. In most cases, the certificate must be an identity-based certificate; however, there are some applications where a certificate issued to your email address might be allowable. Identity-based means that the identity of the individual must be validated by an accredited Certification Authority (CA) before the certificate can be issued to the individual.
Two-factor authentication
Is defined as using something that you have in combination with something that you know in order gain physical or logical access to something. When using identity-based digital certificates for two-factor authentication, the certificate is stored on a hardware device (i.e., smart card or USB token), which is password protected.
Factor One (1): The first factor is the hardware password that only you should know. This password is used to access the certificate that is stored on your hardware device.
Factor Two (2): The second factor is your digital certificate that is stored on hardware and which only you should have possession.
When used in combination, two-factor authentication is achieved.
Use cases for two-factor authentication
Various government agencies also require identity-based, two-factor authentication in order to access secure government agency websites and/or to fulfill government regulations for initiating transactions, such as DEA-compliant Electronic Prescriptions for Controlled Substances (EPCS).
IdenTrust offers a combination of products and services to support deployment of two-factor authentication.