
Replace User Name and Password with Two-Factor Authentication

Two-factor authentication, also known as 2FA, typically replaces a user name and password login process. It is a stronger method of protecting access to PCs and laptops, and it introduces stronger authentication before allowing access to critical business data and software applications.

Digital certificate

To enforce two-factor authentication, you must have a digital certificate.  In most cases, the certificate must be an identity-based certificate; however, there are some applications where a certificate issued to your email address might be allowable.  Identity-based means that the identity of the individual must be validated by an accredited Certification Authority (CA) before the certificate can be issued to the individual.

Two-factor authentication

Two-factor authentication is defined as using something that you have in combination with something that you know in order to gain physical or logical access to something. When using identity-based digital certificates for two-factor authentication, the certificate is stored on a hardware device (i.e., smart card or USB token), which is password protected.

Factor One (1): The first factor is the hardware password that only you should know. This password is used to access the certificate that is stored on your hardware device.

Factor Two (2): The second factor is your digital certificate, which is stored on hardware and which only you should have in your possession.

When used in combination, two-factor authentication is achieved.

Use cases for two-factor authentication

Various government agencies also require identity-based, two-factor authentication in order to access secure government agency websites and/or to fulfill government regulations for initiating transactions, such as DEA-compliant Electronic Prescriptions for Controlled Substances (EPCS).

IdenTrust offers a combination of products and services to support deployment of two-factor authentication.