Skip to Main Content
USA
Select regional store:
Learn for less: Save 25% on high-quality instructor-led and self-paced foundation training | Find out more
Two-Factor Authentication

Two-Factor Authentication


SKU: 4569
Authors: Mark Stanislav
Publishers: ITGP
Format: PDF
ISBN13: 9781849287333
Published: 16 Apr 2015
Availability: In Stock
Format: ePub
ISBN13: 9781849287340
Published: 16 Apr 2015
Availability: In Stock
  • An introduction to the topic of two-factor authentication.
  • Provides a comprehensive evaluation of popular secondary authentication methods.
  • Presents international examples of standards and regulations that make two-factor authentication a component of security guidance.

Buy now, pay later! Enjoy the benefits of paying by purchase order with an IT Governance corporate account. Apply online today or call our training sales team on +1 877 317 3454.

Options:
Price: $16.99
Overview

Passwords are not enough

A password is a single authentication factor—anyone who has it can use it. No matter how strong it is, if it’s lost or stolen, it’s entirely useless at keeping information private.

To secure your data properly, you also need to use a separate, secondary authentication factor.


Data breaches are now commonplace

In recent years, large-scale data breaches have increased dramatically in both severity and number, and the loss of personal information—including password data—has become commonplace.

Furthermore, the fact that rapidly evolving password-cracking technology and the habitual use—and reuse—of weak passwords has rendered the security of username and password combinations negligible and you have a very strong argument for more robust identity authentication.

Consumers are beginning to realize just how exposed their personal and financial information is and are demanding better security from the organizations that collect, process,  and store it. This has led to a rise in the adoption of two-factor authentication (TFA or 2FA).

In the field of authentication security, the method of proving identity can be broken down into three characteristics—roughly summarized as "what you have," "what you are," and "what you know." Two-factor authentication relies on the combination of two of these factors.


Product overview

TFA is nothing new. It’s mandated by requirement 8.3 of the Payment Card Industry Data Security Standard (PCI DSS) and banks have been using it for years, combining payment cards ("what you have") and PINs ("what you know"). If you use online banking, you’ll probably also have a chip authentication program (CAP) keypad, which generates a one-time password (OTP).

What is new is TFA’s rising adoption beyond the financial sector.

Two-Factor Authentication provides a comprehensive evaluation of popular secondary authentication methods, such as:

  • Hardware-based OTP generation
  • SMS-based OTP delivery
  • Phone call-based mechanisms
  • Geolocation-aware authentication
  • Push notification-based authentication
  • Biometric authentication factors
  • Smart card verification

As well as examining MFA (multi-factor authentication), 2SV (two-step verification), and strong authentication (authentication that goes beyond passwords, using security questions or layered security), the book also discusses the wider application of TFA for the average consumer—for example, at such organizations as Google, Amazon, and Facebook. It also considers the future of multi-factor authentication, including its application to the Internet of Things (IoT).

Increasing your password strength will do absolutely nothing to protect you from online hacking, phishing attacks,  or corporate data breaches. If you’re concerned about the security of your personal and financial data, you need to read this book.

Two-Factor Authentication is part of the Fundamentals Series. 

About the author

Mark Stanislav

Mark Stanislav is an information technology professional with over a decade’s varied experience in systems administration, web application development and information security. He is currently a senior security consultant for the Strategic Services team at Rapid7.

Mark has spoken internationally at nearly 100 events, including RSA, DEF CON, SecTor, SOURCE Boston, ShmooCon and THOTCON. News outlets such as the Wall Street Journal, Al Jazeera America, Fox Business, MarketWatch, CNN Money, Yahoo Finance, Marketplace,  and The Register have featured Mark’s research, initiatives, and insights on information security.

Mark earned both a BSc in networking & IT administration and an MSc in technology studies, focused on information assurance, from Eastern Michigan University. He also holds CISSP, Security+, Linux+,  and CCSK certifications.

Customer reviews

top
This website uses cookies. View our cookie policy
SAVE 25% ON
FOUNDATION
TRAINING
Loading...