Two-step verification is a security or privacy process that uses two stages to verify the identity of a user trying to access services on a computer or a network. If more than two steps are involved, the process is called multi-step verification. An even more complex form of multi-step verification is called multi-step authentication. (Other terms used to describe various forms of this type of security process include multi-factor authentication, two-factor authentication, two-step verification, TFA, T-FA or 2FA.)
Types of verification
Those who work in fields related to security use various terms to describe different types (steps, factors) of verification or authentication. For each factor, the user must present something, which the other party then validates.
- Knowledge factor - Something only the user knows (e.g., password, PIN, pattern)
- Possession factor - Something only the user has (e.g., ATM card, smart card, mobile phone)
- Inherence factor - Something only the user is (e.g., biometric characteristic, such as a fingerprint)
Automated Teller Machine (ATM) two-step verification
One of the most familiar examples of a two-step verification process is the use of an automated teller that requires both a magnetic stripe ATM card (possession factor) and a PIN (knowledge factor). (Note: ATM cards with an embedded chip, referred to as "smartcards," use additional security measures.)
Online two-step verification
A growing number of online services (e.g., Google, Twitter) are using a form of two-step verification that treats the user's mobile phone as a "possession factor." After the user enters a correct username and password (a knowledge factor), a temporary access code is sent to the user's mobile phone (possession factor) via SMS (text messaging). For times when the phone isn't handy, Google's authentication service provides some backup codes that can be printed out.
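The second step described above, as an added example that is not code from any of the services named: server-side handling of the temporary access code (expires, works once, limited wrong guesses) and of printable backup codes that each work once. The class name `SecondStep`, the five-minute lifetime, the three-attempt limit and the code formats are assumptions, and delivery of the SMS itself is left out.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300     # assumed lifetime of a temporary code, in seconds
MAX_ATTEMPTS = 3   # assumed number of wrong guesses allowed per login

def _digest(value):
    return hashlib.sha256(value.encode()).digest()

class SecondStep:
    """Second step for one user, reached only after the password was accepted."""

    def __init__(self, backup_count=5):
        self.pending = None   # (digest of temporary code, expiry time)
        self.fails = 0
        # Backup codes are shown to the user once; the server keeps digests only.
        self.backup_plain = [secrets.token_hex(4) for _ in range(backup_count)]
        self.backup = {_digest(c) for c in self.backup_plain}

    def issue_code(self, now=None):
        """Create the temporary code that would be sent to the phone by SMS."""
        now = time.time() if now is None else now
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending = (_digest(code), now + CODE_TTL)
        self.fails = 0
        return code

    def verify(self, submitted, now=None):
        now = time.time() if now is None else now
        if self.fails >= MAX_ATTEMPTS:
            return False      # locked until a new login issues a new code
        d = _digest(submitted)
        if d in self.backup:  # backup code: accepted once, then discarded
            self.backup.discard(d)
            self.pending = None
            return True
        if self.pending is not None:
            digest, expiry = self.pending
            if now <= expiry and hmac.compare_digest(d, digest):
                self.pending = None   # temporary code is single use
                return True
        self.fails += 1
        return False
```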