Higher levels of authentication for more secure communications
Most attacks originate from remote internet connections, so 2FA makes these attacks less threatening, because obtaining passwords is not sufficient for access, and it is unlikely an attacker would also be able to obtain the second authentication factor associated with a user account.
However, attackers sometimes break an authentication factor in the physical world. A persistent search of the target premises, for example, might yield an employee ID and password in the trash, or in carelessly discarded storage devices containing password databases. If additional factors are required for authentication, however, the attacker would face at least one more obstacle. Because the factors are independent, compromise of one should not lead to the compromise of others.
This is why some high-security environments require three-factor authentication, which typically involves possession of a physical token and a password used in conjunction with biometric data, such as fingerprint scans or voiceprints. Factors such as geolocation, type of device and time of day are also being used to help determine whether a user should be authenticated or blocked. Additionally, behavioral biometric identifiers, like a user’s keystroke length, typing speed and mouse movements, can be discreetly monitored in real time to provide continuous authentication, instead of a single one-off authentication check during login.