Two-factor authentication is also called strong authentication. It is defined as requiring two of the following three proofs of identity:
• Something known, like a password,
• Something possessed, like your ATM card, or
• Something unique about your appearance or person, like a fingerprint.
When information is particularly sensitive or vulnerable, using a password alone may not be enough protection. A stronger means of authentication, something that’s harder to compromise, is necessary. For example, health care information on a shared computer can be both sensitive and vulnerable. It’s sensitive because its exposure could result in HIPAA violations and fines, not to mention the loss of patients’ confidence in the medical institution. And the information is vulnerable if the shared computer can be used by many people or if it is connected to the Internet. These are the kinds of situations that require two-factor authentication. While biometrics are sometimes used with a PIN or password, hardware authenticators or tokens have traditionally been more widely available and supported.