Secure Mobile Access 100 10.2 Administration Guide

How Does Two-Factor Authentication Work?

Two-factor authentication requires the use of a third-party authentication service, or two separate RADIUS authentication servers.

With two-factor authentication, users must enter a valid temporary passcode to gain access. A passcode consists of the following:

  • The user’s personal identification number (PIN)
  • A temporary token code or password

When two RADIUS servers are used, the second stage PIN or password can be sent to the user through SMS or email. NetExtender login provide extra challenge(s) for entering it.

When a third-party authentication service is used, it consists of two components:

  • An authentication server on which the administrator configures user names, assigns tokens, and manages authentication-related tasks.
  • Physical tokens that the administrator gives to users which display temporary token codes.

Users receive the temporary token codes from their RSA or VASCO token cards. The token cards display a new temporary token code every minute. When the RSA or VASCO server authenticates the user, it verifies that the token code time stamp is current. If the PIN is correct and the token code is correct and current, the user is authenticated.

Because user authentication requires these two factors, the dual RADIUS server solution, the RSA SecureID solution, and the VASCO DIGIPASS solution offers stronger security than traditional passwords (single-factor authentication).

Was This Article Helpful?

Help us to improve our support portal

Techdocs Article Helpful form

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.