
Two-Factor Authentication (2FA) vs. Two-Step Authentication (2SA)

01/31/2020

Two-Factor Authentication and Two-Step Authentication are two options for secure authentication of users. Either one can be a good fit for your setup depending on your requirements and preferences.

What is Two-Factor Authentication (2FA)?

There are different kinds of two-factor authentication, but they are all based on the same principle: to authenticate, the user has to provide two factors instead of one (a password). These two factors can be something the user owns (like a phone), something he knows (like a password) or something he is (like a fingerprint).

The different types of two-factor authentication differ in how well these factors are protected and secured. The combination of a phone and a password is hard to interfere with, while an email or text message can be intercepted more easily. With the SecSign ID two-factor authentication you have the most secure version of two-factor authentication: an RSA-encryption scheme with 2048-bit private keys stored in either the TEE of the device or with the SafeKey procedure. More information about the technical specifications of the SecSign two-factor authentication is available here.

What does the Two-Factor Authentication (2FA) Login look like?

To authenticate, the user needs to have two factors: something he owns (mobile device with private key) as well as something he knows (PIN or password) or something he is (fingerprint or FaceID).
To start the authentication, he only needs to enter his user name (SecSign ID) in the browser. This automatically starts the authentication request. To open the app on his device, he needs to provide either his PIN/password or his fingerprint/FaceID.


What is two-step authentication (2SA)?

A two-step authentication login adds an additional layer of security to the two-factor authentication. While the user only needs to provide his user name to initiate the two-factor authentication, a two-step authentication is not initiated without a user name and password. Generally, this user name and password will be the same credentials the user has been using before the 2FA was introduced. These credentials are stored, for example, in your Active Directory, Crowd Directory or IdM Solution.

This option adds a third factor to the requirements for successful authentication: knowledge of another password.

What does the Two-Step Authentication (2SA) Login look like?

To authenticate, the user needs to have three factors: his user credentials (user name and password), something he owns (mobile device with private key) as well as something he knows (PIN or password for the app) or something he is (fingerprint or FaceID).
To start the authentication, he needs to enter his user name and password in the browser. This automatically starts the authentication request. To open the app on his device, he needs to provide either his PIN/password or his fingerprint/FaceID.
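The difference between the two login flows described above, sketched as a server-side gate. This is an added example, not SecSign code: all function and variable names are hypothetical, the directory and device entries are constructed sample data, and an HMAC over a per-device secret stands in for the RSA private-key operation the page describes.

```python
import hashlib, hmac, secrets

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample directory (stand-in for Active Directory / IdM)
_SALT = secrets.token_bytes(16)
DIRECTORY = {"alice": (_SALT, _hash("correct horse", _SALT))}
# Constructed per-device secret (assumption: replaces the device's RSA key)
DEVICE_KEYS = {"alice": secrets.token_bytes(32)}
PENDING = {}  # challenge id -> (username, nonce)

def directory_password_ok(username, password):
    salt, stored = DIRECTORY.get(username, (b"\0" * 16, b""))
    # Hash even for unknown users so both failure paths do the same work.
    return hmac.compare_digest(_hash(password or "", salt), stored)

def start_login(mode, username, password=None):
    """Return a challenge id if a request is sent to the device, else None."""
    if mode == "2SA" and not directory_password_ok(username, password):
        return None  # step 1 failed: no request ever reaches the device
    if username not in DEVICE_KEYS:
        return None
    cid, nonce = secrets.token_hex(8), secrets.token_bytes(16)
    PENDING[cid] = (username, nonce)
    return cid

def device_approve(username, cid, app_unlocked):
    """Device side: answer only after PIN or biometric unlocked the app."""
    if not app_unlocked:
        return None
    _, nonce = PENDING[cid]
    return hmac.new(DEVICE_KEYS[username], nonce, hashlib.sha256).digest()

def complete_login(cid, response):
    entry = PENDING.pop(cid, None)  # each challenge is single use
    if entry is None or response is None:
        return False
    username, nonce = entry
    expected = hmac.new(DEVICE_KEYS[username], nonce, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)
```

In the 2FA mode a user name alone produces a request on the device; in the 2SA mode the directory check has to pass first, so a wrong password ends the login before the device is involved.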
