Nowaday it is very common that everybody changes their system to a 2-factor authentication system. But before going to the mainstream, let's define what are the possible factors:

  1. Something you know: like a password, you can transmit this kind of information by a simple text. In other words, knowledge.
  2. Something you have: like a credit card, you can transmit this kind of information by giving the item. In other words, a physical token.
  3. Something you are: like your fingerprint, you can transmit this kind of information just if you cut the member from yoursef. In other words, any kind of information attached to your body.

Many studies (not discussed here) show that if you enforce those 3 factors at the same time, people just stop using your system. Therefore, the best is just 2 of 3 factors, you decide which ones.

First factor (something you know) is the most common on any system. Banks and serious enterprises are changing to tow-factors authentication by adding the next most simple factor: something you have.

email2factor is a project born from a brainstorming in my current job. This simple but powerful project will allow you to convert almost any opensource project and linux services into a double factor authenticated one without modifying the code. The magic is simple, email2factor will use email as something you have token.

Hope this will help you alot.

blog comments powered by Disqus