So let me get this straight... There are usually three possible metrics for authentication.
What you know (password, PIN, account number, login)
What you have (token, card, key)
Who you are (retinal scan, biometric thumbprint, IR thermal map of your hand)
Most things have one factor. BikeForums just goes by what you know (user name and password). So do most combination locks. Cars go by what you have (a physical key). All one-factor authentication.
This token is an encrypted device that fulfills the second factor (what you have), right?
You don't need to explain technically what the purpose is. Just tell them that two-factor authentication is like having to know a password as well as having a key. Tell them that the reason the token is more secure than a USB key is because it can't be copied because of the encryption, so it is totally unique, much like the high-end keys found on luxury automobiles.
What you know can be passed along. You could intentionally or accidentally disclose your password to 10 people. Those 10 people could all masquerade as you and use your account.
What you have can only exist at one place at one time. If you don't have it, you know you don't have it, which means someone else may have it. 10 people can't use the token at the same time. It's also much easier to keep tabs on physical things (like a USB encrypted token, a set of keys, or your eyeglasses) than it is to keep tabs on your password. A shoulder-surfer can memorize your password but they can't use your token. A keystroke logger can record your password and e-mail it to an attacker, but it can't e-mail a physical device to the attacker.
That is why two-factor authentication is more secure.
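The password-plus-token check described above, as an added example that is not part of the original post. It assumes the token answers a random server challenge with an HMAC under a key shared once at enrollment; the `Token`, `Server` and `demo` names and the sample password are hypothetical.

```python
import hashlib
import hmac
import secrets

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Token:
    """Stands in for the physical device; the key stays inside it."""
    def __init__(self, key: bytes):
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

class Server:
    def __init__(self, password: str, token_key: bytes):
        self._salt = secrets.token_bytes(16)
        self._pw_hash = hash_password(password, self._salt)
        self._token_key = token_key  # shared once at enrollment (assumption)
        self._pending = None

    def new_challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)
        return self._pending

    def login(self, password: str, response: bytes) -> bool:
        challenge, self._pending = self._pending, None  # each challenge is single-use
        if challenge is None:
            return False
        knows = hmac.compare_digest(hash_password(password, self._salt), self._pw_hash)
        expected = hmac.new(self._token_key, challenge, hashlib.sha256).digest()
        has = hmac.compare_digest(response, expected)
        return knows and has  # both factors required

def demo() -> dict:
    key = secrets.token_bytes(32)
    token, server = Token(key), Server("constructed-password", key)
    first = token.respond(server.new_challenge())
    results = {"owner": server.login("constructed-password", first)}
    server.new_challenge()  # password captured by a keylogger, no device
    results["password_only"] = server.login("constructed-password", b"\x00" * 32)
    server.new_challenge()  # captured password plus an old response
    results["replayed_response"] = server.login("constructed-password", first)
    fresh = token.respond(server.new_challenge())  # device found, password unknown
    results["token_only"] = server.login("wrong-guess", fresh)
    return results

if __name__ == "__main__":
    print(demo())
```

Only the first login succeeds: a logged password, a replayed token response, or the token without the password each fail on their own.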