Multi-factor using a generator

Authentication

This type of multi-factor authentication involves a person entering a code generated by an app or a device when requesting access to data.

The code is specific to that person and the device the code is generated on. It’s also single use and expires after a short amount of time. If the person enters a valid code, it is assumed that they have physical possession of the nominated device on which codes are generated.

Passwords can be guessed or stolen, so requiring extra information sent to a device controlled by a particular person increases the confidence that the request to access data should be allowed.
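The properties described above (a code tied to one person and device, valid for a short time, accepted once) can be seen in the following added example, which is not part of the original page. It uses the time-based one-time password algorithm (RFC 6238) that apps such as Google Authenticator implement; the `Verifier` class, its method names, the 30-second step and the `drift` allowance are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid for (assumed; the RFC 6238 default)
DIGITS = 6   # length of the code the person types in

def totp(secret: bytes, now: float) -> str:
    """Code the device displays at Unix time `now` (RFC 6238, HMAC-SHA1)."""
    counter = int(now) // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

class Verifier:
    """Server side (hypothetical): one secret per (person, device)."""

    def __init__(self):
        self.secrets = {}        # (person, device) -> shared secret
        self.last_counter = {}   # (person, device) -> last accepted time step

    def enrol(self, person, device, secret):
        self.secrets[(person, device)] = secret

    def verify(self, person, device, code, now, drift=1):
        key = (person, device)
        secret = self.secrets.get(key)
        if secret is None:
            return False                          # device was never nominated
        current = int(now) // STEP
        # Allow `drift` steps either side for clock skew; anything older expired.
        for counter in range(current - drift, current + drift + 1):
            if counter <= self.last_counter.get(key, -1):
                continue                          # already used: reject replay
            expected = totp(secret, counter * STEP)
            if hmac.compare_digest(expected.encode(), code.encode()):
                self.last_counter[key] = counter  # single use: burn this step
                return True
        return False
```

The secret in `enrol` is what binds a code to one person's device, so it should be generated randomly per enrolment and stored protected on the server.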

Examples

  • Two Factor Auth List: a directory of online services and whether they allow multi-factor authentication

  • Google Authenticator: a mobile phone app that manages and generates codes for digital services

  • YubiKey

  • Some banks provide code generators to customers when logging in to online banking
