Two-factor authentication required in Level Protection

In the three-level system of information security level protection, the host security identity authentication module is explicitly required to use more than two authentication technologies at the same time, that is, what the industry commonly calls two-factor authentication.

1. What is two-factor authentication?

Two-factor authentication (2FA) is a method of authenticating users by combining two conditions: a password and a physical object or feature (such as a credit card, an SMS-capable mobile phone, a token, or a biometric feature such as a fingerprint). This approach has been adopted by enterprises, especially for remote access, but has limited application in other areas.

2. Three types of two-factor authentication:

Three factors can be used for authentication:

1) something you know
2) something you have
3) something you are

The most common first-type factor is knowledge, such as a password: something you know is used for authentication. The authentication process is simple and fast, and there is no error.

The second type of factor is a physical object, such as an IC card, a token, or a USB key (ancient tiger tallies are also of this type); possession of the object serves as the proof for authentication. The authentication process is also simple and fast, and there is no error.

The third type of factor is a person's biological characteristics, such as fingerprints, iris, retina, palm print, and face. These characteristics are unique to each person and are the strongest for authentication, but the authentication process is relatively slow and can make mistakes. There are two kinds of mistakes: a legitimate user is judged illegitimate, and an illegitimate user is judged legitimate.

Two-factor authentication is therefore an authentication method in which any two of the above three types of factors must be combined to pass authentication. For example, an ordinary ATM withdrawal requires a savings card (a type-two factor) and the card password (a type-one factor); the fingerprint identification (a type-three factor) and BIOS power-on password (a type-one factor) that notebooks now often carry provide high-strength authentication for access to sensitive information on the notebook; and the QQ token launched by QQ in 2010 is bound to a QQ account, so that login combines the QQ login password (password, type-one factor) with the token (software or hardware, type-two factor).
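
The rule above, as an added example that is not part of the original post: a small Python audit that maps each authenticator a login requires to one of the three factor types and passes the login only when at least two distinct types are present. The authenticator names and sample configurations are constructed for illustration from the examples in the text.

```python
from enum import Enum


class Factor(Enum):
    KNOW = "something you know"
    HAVE = "something you have"
    ARE = "something you are"


# Assumed classification; the authenticator names are hypothetical labels
# for the examples given in the article text.
AUTHENTICATOR_FACTOR = {
    "login_password": Factor.KNOW, "card_password": Factor.KNOW,
    "bios_password": Factor.KNOW,
    "savings_card": Factor.HAVE, "ic_card": Factor.HAVE,
    "token": Factor.HAVE, "usb_key": Factor.HAVE,
    "fingerprint": Factor.ARE, "iris": Factor.ARE,
}

# Constructed sample configurations: every listed authenticator must succeed.
SAMPLE_LOGINS = {
    "atm_withdrawal": ["savings_card", "card_password"],
    "notebook": ["fingerprint", "bios_password"],
    "qq_account": ["login_password", "token"],
    "two_passwords": ["login_password", "bios_password"],  # same type twice
    "typo_config": ["login_password", "usb_kee"],          # unknown name
}


def evaluate(required):
    """Return (compliant, factor_types, unknown) for one login configuration."""
    unknown = sorted(a for a in required if a not in AUTHENTICATOR_FACTOR)
    # An unclassified authenticator never counts toward a factor type.
    types = {AUTHENTICATOR_FACTOR[a] for a in required
             if a in AUTHENTICATOR_FACTOR}
    # Two authenticators of the same type are still a single factor.
    return len(types) >= 2, types, unknown


def audit(logins):
    """Map each configuration name to True (two-factor) or False."""
    return {name: evaluate(req)[0] for name, req in logins.items()}


if __name__ == "__main__":
    for name, req in SAMPLE_LOGINS.items():
        ok, types, unknown = evaluate(req)
        kinds = ", ".join(sorted(t.value for t in types))
        print(f"{name:15} {'PASS' if ok else 'FAIL'}  [{kinds}]  unknown={unknown}")
```
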

Reposted from: https://blog.51cto.com/infosec/414821

Origin blog.csdn.net/fuhanghang/article/details/130374335