Two-Factor Authentication

image of Keith A. Ferguson, CISA, CISSP, CRISC

About the author
Keith A. Ferguson, CISA, CISSP, CRISC

Two-factor authentication provides identification of users by means of the combination of two different parts. These components may be something the user knows, something the user has or something that is part of the user. For example, when someone uses their debit card, only the correct combination of a debit card and a personal identification number allows the transaction to be carried out.

One of the more secured ways to use two-factor authentication is with biometrics. Biometric authentication refers to the identification of people by their characteristics or traits.

There is a wide range of different biometric systems available. The most popular systems are: fingerprint, hand print, retinal scan, iris scan, signature recognition, and voice recognition. Biometric technology is often used as a form of identification and access control. Using a person’s scanned biometric characteristics can provide strong evidence of that individual’s identity prior to being granted access to a secure facility, a sensitive web site or confidential information on a secured network.

Fingerprint 

An example of one of the most commonly used biometric technologies is fingerprint identification; as individual’s fingerprints remain the same throughout their life, and no two fingerprints are alike. This makes fingerprints ideal for biometric identification. Fingerprint identification may not work in certain environments because accurate identification requires clean hands, and injuries to the hands may prevent proper identification.

Handprint

Handprint identification works well in harsh environments as it does not require clean conditions. It is not considered as intrusive as other forms of biometric technologies and is often used in industrial environments (e.g., for workers to clock-in), but is equally useful for access control.

Retinal Scan

Retinal scanning records the pattern of the blood vessels in the retina at the back of the eye. The retinal pattern is unique to each individual and never changes. Retinal scan has two main disadvantages, it is intrusive (a beam of low-energy infrared light is shone into the eye) and the scan process is relatively slow (a good clean scan takes about 15 seconds). This type of biometric solution tends to be the standard in military and government installations.

Iris Scan

Iris scanning looks at an individual’s iris which has complex random patterns that are unique and can be seen from several feet away. The patterns stay the same throughout an individual’s life, which makes an iris ideal for scanning, and they can be scanned in a relatively nonintrusive way. However, iris scanners have been “spoofed” by the use of a color picture of an authorized eye.

In summary, whatever solution your bank decides to implement with a two-factor authentication, it is important to be aware of the potential issues and concerns. A big concern for your bank and banking customers is privacy.