What Is Two-Factor Authentication (Multi-Factor Authentication)?
In recent years, the use of “two-factor authentication” has been increasing as a personal identification method.
The methods of identity verification are roughly divided into the following three:
1) Use user’s knowledge: (Something you know)
2) Use user’s possession: (Something you have)
3) Use characteristics of users themselves: (Something you are, biometrics)
Multi-factor authentication is a method of identity verification using multiple elements of these three, and two-factor authentication is using two elements of these three.
For example, ATM using a cash card as 1) and a secret number as 2) realizes two-factor authentication.
Even in the case of using two levels of authentication, both passwords and answers to secret questions are 1), so it can not be said to be two-factor authentication.
From the viewpoint of prevention from spoofing, 1) is very weak against leakage of knowledge such as leakage of passwords stored in the system and theft of secret numbers by observing users. Many problems actually occurred.
2) is also very weak against the theft of possession such as IC card by others.
Introducing Two-Factor Authentication
By introducing two-factor authentication, it is possible to prevent spoofing against the theft of a password and theft of a card. Recently, the number of systems that realize high security using two-factor authentication is increasing.
Furthermore, some systems, where high security is required, have to be introduced two-factor authentication.
For example, in a system that accesses “my number” that was introduced last year, Ministry of Internal Affairs and Communications obliged the system to introduce two-factor authentication.
Effective and Efficient Element for Two-Factor Authentication
Among two-factor authentication, 3), using biometric information, is better than others from the user side, because of not requiring the user to remember something or carry around something.
Moreover, there is basically no risk of theft or loss.
With such features, biometric authentication is increasingly introduced to two-factor authentication.
Among biometrics, vein authentication can realize extremely high security from the viewpoint of prevention from spoofing compared with fingerprints or faces, because it is easy to make forgery of fingerprints or faces using their photographs.
That is why vein authentication has been increasing to be introduced by two-factor authentication.
In the future, opportunities to see vein authentication will increase, especially in fields requiring high security such as educational field dealing with student’s personal information, medical field dealing with patient’s personal information.
Author of this article
General Manager, Technology Promotion
About the Author
Yutaka Deguchi is a General Manager of mofiria Corporation, Japanese company providing finger vein authentication technology.
Yutaka joined in 2013 from Toshiba corporation where he was responsible for the technology and product development in voice recognition and synthesis, and now is reponsible for the technological development including the management of intelectual property and collaboration with some research institutes.