CHAPTER 14

image

Two-Factor Authentication

A system identifies a user through a user identifier, commonly abbreviated to user ID. The process by which a system confirms that a user really is who the user claims to be is called authentication. We saw in Chapter 5 that there are three types of credentials through which a user can be authenticated: knowledge factor (what a user knows), ownership factor (what a user owns), and inherence factor (what a user is).

When you have an authentication mechanism that leverages a combination of two of these factors, it is called two-factor authentication (TFA, T-FA, or 2FA). A real-life example for TFA is an automated ...

Get Pro ASP.NET Web API Security: Securing ASP.NET Web API now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.