So what is Two-Factor authentication anyway?

Simply put, two-factor authentication is using two different methods to prove and confirm your identity. This is common in banking systems, for example (think about your ATM transaction: you need a debit card and a PIN).  Two-factor authentication is becoming more widely used in physical access control.


Using Two Factor authentication in Physical Access Control Systems

The 3 Whats…

  1. What you have (a key card or fob)
  2. What you know (a PIN)
  3. What you are (a biometric factor)


Can you use all three?

Certainly yes!  This is now called multi-factor authentication.


What systems allow for two-factor authentication?

  • Most systems allow for Key Card and PIN combinations.
  • Most biometric/card reader combinations contain the logic within the unit itself.  If the biometric measurement and the card match, a signal is sent to the controller that the credential is present.
  • Newer systems allow for the factors to be received as separate inputs allowing for multi-factor authentication.


Duress PIN or Duress Finger?

A newer and clever feature of some systems allows for access to an area, but also sends a distress signal to the system.  If you are being forced to open a door under duress, you can type an extra number into the keypad or use a different finger than you normally would on the scanner.  You still gain access, but also alert the system that you are in trouble.  It is important to note that this needs to be configured ahead of time.


Biometric Factors

  • Fingerprint
  • Palm
  • Hand geometry
  • Iris
  • Face
  • Voice
  • Signature
  • Behavior or movement patterns


What is a common misconception?

Some people confuse using two items from the same category as two factor authentication.  For example online, your username and password are both things you know.  This is not two-factor authentication, because there isn’t another factor from a different category.  This is less common with physical systems because the physical item, the key card, is typically the first factor and your PIN or biometric is the second.

Comments are closed.