Methods of authentication

Comparison of 2FA methods

The technical options for multi-factor authentication (MFA) are varied. They range from paper-based solutions such as TAN lists, through hardware-based procedures such as a QR code with a reader, to checking biometric data on a smartphone.

In the following overview, we present the various procedures with their advantages and disadvantages. In addition, the table below compares the methods against the criteria of security, user experience, management and costs. Based on your individual weighting of these factors, you can easily see in our comparison which authentication methods are suitable for you.

2FA Methods with advantages and disadvantages

Certificate (PKI)

The second factor is provided by a unique certificate, for example on a USB token, a smartcard or a PKI soft token.

A distinction is made between Corporate PKI for internal company implementation and Public PKI such as SuisseID.

 

Advantages

  • Suitable for the workplace

 

Disadvantages

  • Not suitable for the masses
  • Poor user experience due to additional hardware required
  • Complex management
  • Replacing expired certificates or smartcards requires high administrative effort and costs

Personal Security Environment Token (PSE)

Works like a PKI smart card, but with a hardened user interface.

Advantages

  • High security

Disadvantages

  • Complicated to use
  • Complicated delivery and replacement processes
  • Complex support
  • Very cost-intensive

TAN lists

The user receives a letter with a list of TAN codes, each of which is valid only once. Entering a code provides the second factor.

Advantages

  • Inexpensive, affordable
  • Simple

Disadvantages

  • No longer permitted by law, at least not in payment transactions
  • Outdated user experience
  • Moderate security

Matrix cards

Similar to TAN lists.
 

Advantages

  • Inexpensive, affordable
  • Simple

 

Disadvantages

  • No longer permitted by law
  • Poor user experience
  • Moderate security

mTAN/SMS-TAN

To use this procedure, the user needs a PC and a mobile phone with SMS function and must register the mobile phone number with the provider. A TAN is sent by SMS, which the user must enter as the second factor.

 

Advantages

  • Simple
  • Good replacement processes when changing phones

 

Disadvantages

  • No SMS reception guarantee
  • This procedure can become very expensive if there are a large number of users and many transactions.
  • In addition, security is no longer guaranteed because the text messages are not encrypted but transmitted in plain text.

Hardware OTP

OTP stands for One-Time Password. Here the user is given a small hardware token that generates a new one-time password every 60 seconds.

 

Advantages

  • Relatively simple to use
  • High security

Disadvantages

  • The device must be shipped and replaced if defective
  • Cost-intensive
  • Somewhat tedious to use
  • No login is possible without the hardware token

Software OTP

Like hardware OTP, but the hardware token is replaced by a smartphone app.

 

Advantages

  • Relatively easy to use
  • No hardware
  • Good security

Disadvantages

  • Somewhat tedious to use
  • Possibly complicated replacement processes
  • Only possible with a smartphone

Push Notification

Via push to a special smartphone app, the user either receives a message which he can simply confirm or reject, or he receives a transaction code, also called pushTAN, which he has to enter.

 

Advantages

  • Very simple to use
  • Also suitable for transaction approval
  • Good security
  • No code typing required for online approval
  • Also works over Wi-Fi, without a mobile network


Disadvantages

  • Only possible with a smartphone
  • Frequent data protection problems with push services that are processed via American clouds

QR Code or photoTAN with reader (separate hardware)

A special reader with a camera and display scans a displayed QR code. The transaction code then shown on the reader's display can be used to log in or approve a transaction.

 

Advantages

  • Easy to use
  • WYSIWYS principle (What you see is what you sign).
  • High security.

 

Disadvantages

  • The reader must be shipped and replaced if broken.
  • Battery replacement required.
  • The user must have his reader with him.
  • Very cost-intensive

QR Code or photoTAN with Smartphone App

Works like QR Code, but the reader is replaced by a smartphone app.

 

Advantages

  • Relatively easy to use
  • Good security

 

Disadvantages

  • Potentially complicated delivery and replacement processes

Biometrics via Smartphone

A biometric factor such as a fingerprint or facial recognition is checked via the smartphone.

 

Advantages

  • Easy to use
  • Good security

 

Disadvantages

  • Smartphone must support biometrics
  • Potentially complicated processes if the smartphone has to be replaced due to a defect or new purchase

FIDO 1

FIDO stands for Fast Identity Online and is based on public-key cryptography. A smartphone, USB token or smartwatch is required to use it. Biometric variants can be used.

 

Advantages

  • Good security
  • Free open standard

 

Disadvantages

  • Usability varies by device
  • Potentially complicated delivery and replacement processes
  • Support can become complex, since a wide variety of devices are in use

FIDO 2

Works like FIDO 1, but also via the desktop.

 

Advantages

  • Good security
  • Free open standard

 

Disadvantages

  • Potentially complicated delivery and replacement processes
  • Support can become complex, since a wide variety of devices are in use

E-mail OTP

The one-time password (OTP) is sent by e-mail.

 

Advantages

  • Cheap

 

Disadvantages

  • Moderate security
  • Moderate user-friendliness

Challenge Response Token (C/R token)

The user first inserts the ATM card into a hardware token, then types a code on the device and enters the card's PIN. Finally, the device displays a new code, which in turn must be entered on the PC.

 

Advantages

  • High security

 

Disadvantages

  • Complicated to use
  • Complicated delivery and replacement processes
  • Cost-intensive
  • Complex support

The main advantages and disadvantages of these methods can be seen at a glance in the following table.

 

Technology: Security, User Experience, Management, Costs
Certificate: ++----
Dicklists: ---~
Matrix cards: ~--~
mTan: -~~~
Hardware OTP: +~--
Software OTP: +~~++
Push: +++~+
QR Code with OTP: ++~~~
QR Code without OTP: ++---
Biometric with hardware: ++~---
Biometric with Smartphone: +++~~
FIDO-2: +++~~
FIDO-1: +~---
Automated Call: +~~~
E-Mail OTP: ~~~+
PSE: ++----

Whitepaper Airlock 2FA

The two-factor authentication (2FA, MFA or SCA for short) in the area of IT security offers double the security. In combination with efficient customer identity & access management (cIAM), numerous processes are significantly simplified.

Find out more about strong authentication and the possibilities that Airlock offers in our whitepaper.


Airlock 2FA

Airlock 2FA is integrated into Airlock IAM and makes strong authentication possible with a second factor. Each customer manages and uses their personal keys on their own smartphone (iOS and Android).

Airlock 2FA offers modern authentication methods such as zero touch, one touch, offline QR code, passcode and passwordless. This user-friendly and future-proof solution is also cost-efficient.

The entire functionality is implemented as a REST API and therefore enables seamless integration into modern single page applications (SPA) and native smartphone apps.

Ergon Informatik AG, +41 44 268 87 00
