01/31/2020 / 0 Comments
Two-Factor Authentication and Two-Step Authentication are two options for secure authentication of users. Either one can be a good fit for your setup depending on your requirements and preferences.
There are different kinds of two-factor authentication, but they are all based on the same principle: To authenticate the user has to provide two factors instead of one (password). These two factors can be something the user owns (like a phone), he knows (like a password) or he is (like a fingerprint).
The different types of two-factor authentication distinguish themselves by the protection and security of these factors. The combination of a phone and a password is hard to interfere with, while an email or text message can be intercepted more easily. With the SecSign ID two-factor authentication you have the most secure version of two-factor authentication: an RSA-encryption scheme with 2048-bit private keys stored in either the TEE of the device or with the SafeKey procedure. More information about the technical specifications of the SecSign two-factor authentication are available here.
To authenticate the user needs to have two factors: something he owns (mobile device with private key) as well as something he knows (PIN or password) or something he is (fingerprint or FaceID).
To start the authentication he only needs to enter his user name (SecSign ID) in the browser. This automatically starts the authentication request. To open the app on his device he needs to provide either his PIN/password or his fingerprint/FaceID.
A two-step authentication login adds an additional layer of security to the two-factor authentication. While the user only needs to provide his user name to initiate the two-factor authentication, a two-step authentication is not initiated without a user name and password. Generally, this user name and password will be the same credentials the user has been using before the 2FA was introduced. These credentials are for example stored in your Active Directory, Crowd Directory or IdM Solution.
This option adds a third factor to the requirements for successful authentication: Knowledge of another password.
To authenticate the user needs to have three factors: his user credentials (user name and password), something he owns (mobile device with private key) as well as something he knows (PIN or password for the app) or something he is (fingerprint or FaceID).
To start the authentication he needs to enter his user name and password in the browser. This automatically starts the authentication request. To open the app on his device he needs to provide either his PIN/password or his fingerprint/FaceID.
Want to learn more about SecSign’s innovative and highly secure
solutions for protecting your user accounts and sensitive data?
Use our contact form to submit your information, and a SecSign sales representative will contact you within one business day.
If you need assistance with an existing SecSign account or product
installation, please see the FAQs for more information on the most common questions. You don’t find the solution to your problem? Don’t hesitate to contact the
Product Support
I am Interested in