Q: What is two-factor authentication, and how does it help secure remote access?
A: In short, two-factor authentication can be thought of as something a user knows and something the user has that will conclusively validate the identity of the person logging into the network. Usually, the part that a user knows, the first factor, is a user name and password. Without the second factor, if that information was ever compromised, someone else could use those credentials to log in.
The second factor of two-factor authentication ensures that someone accessing the network is actually who they claim to be. The second factor cannot be more information that a user knows. Instead, it should be something physical such as a fingerprint, a token, an individual SSL certificate or something else unique to the individual. Newer approaches involving two-factor authentication use a random six-digit number sent to a cell phone or email account. The number is keyed in to a field below the user name and password and is typically good for two minutes.