What is two-factor authentication?

Two-factor authentication provides unambiguous identification of users by means of the combination of two different components. (source: http://en.wikipedia.org/wiki/Two_factor_authentication)

Synonyms and abbreviations for two-factor authentication are: duo-factor authentication, multi-factor authentication, 2FA and TFA.

A simple and clear example of a two-factor authentication process many of us undergo is when we go to the ATM for cash. You need the combination of your bank card and your personal code to be able to get the cash. If you only have the card, you won’t be able to get the cash. If you only have the personal code, you won’t be able to get the cash.

So the two factors in this example are:

1-Bank card
2-Personal code

For SMSPassword the two factors consist of two components every worker of a company already has:

1-Corporate username/password
2-One-time password delivered by mobile phone

This introduces a new term: one-time password, or OTP. While the corporate username and password are usually static, one-time passwords are only valid for a very short time, just long enough to enable users to log on. The next time a user logs on, a new one-time password is delivered to the user. A one-time password is not vulnerable to brute-force or dictionary attacks, because it is only valid for a very short period. Especially in a two-factor setup, even if you know the OTP, it is still useless without the other factor.

For this same reason the one-time password does not have to be very complex in a two-factor setup.