Two-Factor Authentication (2FA) is a system wherein two different methods are used to authenticate an individual. 2FA is based on something you know (a secret PIN) and something you have (an authentication token that randomly generates a number). When the token’s random number is combined with a secret PIN, the resulting Passcode is considered two factors of authentication. 2FA increases The Department’s security stance because:
- It eliminates reusable passwords that can be written down, logically stored, forgotten, and susceptible to brute force password attacks.
- Provides positive identification of an individual since only that individual knows the secret PIN associated with their particular authentication token.
By using a token to positively identify users before they interact with mission-critical data and applications, The Department provides a much more reliable level of user authentication than reusable passwords.