Methods of authentication

Comparison of 2FA methods

The technical options for multi-factor authentication (MFA) are varied: they range from paper-based solutions such as TAN lists, through hardware-based procedures such as a QR code with a reader, to the capture of biometric data on a smartphone.

In the following overview, we present the various procedures with their advantages and disadvantages. In addition, the table below compares the methods with regard to security, user experience, management and costs. Based on your individual weighting of these factors, you can easily see in our comparison which authentication methods are suitable for you.

2FA Methods with advantages and disadvantages

Certificate (PKI)

The second factor is provided by a unique certificate. This can be done, for example, via a USB token, a smartcard or a PKI soft token.

A distinction is made between Corporate PKI for internal company implementation and Public PKI such as SuisseID.

 

Advantages

  • Suitable for the workplace

 

Disadvantages

  • Not suitable for the masses
  • Poor user experience due to additional hardware required
  • Complex management
  • Exchange processes of expired certificates or smartcards require high administrative effort and costs

Personal Security Environment Token (PSE)

Works like a PKI smart card with a hardened user interface.

Advantages

  • High security

Disadvantages

  • Complicated application
  • Complicated delivery and replacement processes
  • Complex support
  • Very cost-intensive

 

TAN lists

The user receives a letter with a list of TAN codes, each of which is valid only once. By entering the code, the second factor is provided.

Advantages

  • Inexpensive, affordable
  • Simple

Disadvantages

  • No longer permitted by law, at least not in payment transactions
  • Outdated user experience
  • Moderate security

Matrix cards

Similar to TAN lists.
 

Advantages

  • Inexpensive, affordable
  • Simple

 

Disadvantages

  • No longer permitted by law
  • Lack of user experience
  • Moderate security

mTAN/SMS-TAN

In order to use this procedure, the user needs a PC and a mobile phone with SMS function and must register the mobile phone number with the supplier. A TAN is sent by SMS, which the user must enter as the 2nd factor.

 

Advantages

  • Simple
  • Good replacement processes when changing phones

 

Disadvantages

  • No SMS reception guarantee
  • This procedure can become very expensive if there are a large number of users and many transactions.
  • In addition, security is no longer guaranteed because the text messages are not encrypted but transmitted in plain text.

Hardware OTP

OTP stands for One-Time Password. Here the user is given a small hardware token that generates a new one-time password every 60 seconds.

 

Advantages

  • Usage relatively simple
  • High security
     

Disadvantages

  • The device must be shipped and replaced if defective.
  • Cost-intensive
  • Application a little tedious
  • Without a hardware token no login can take place.

Software OTP

Like hardware OTP, but the hardware token is replaced by a smartphone app.

 

Advantages

  • Relatively easy to use 
  • No hardware 
  • Good security
     

Disadvantages

  • Application a little tedious
  • Possibly complicated replacement processes
  • Only possible with Smartphone

Push Notification

Via push to a special smartphone app, the user either receives a message which he can simply confirm or reject, or he receives a transaction code, also called pushTAN, which he has to enter.

 

Advantages

  • Application very simple
  • Also suitable for transaction approval
  • Good security
  • No code typing required for online release
  • With WLAN also without mobile network


Disadvantages

  • Only possible with Smartphone
  • Frequent data protection problems with push services that are processed via American clouds

QR Code or photoTAN with reader (separate hardware)

With a special reader with camera and display, a displayed QR code is scanned. The transaction code then shown on the display can be used to log in or approve a transaction.

 

Advantages

  • Easy to use
  • WYSIWYS principle (What you see is what you sign).
  • High security.

 

Disadvantages

  • The reader must be shipped and replaced if broken.
  • Battery replacement required.
  • The user must have his reader with him.
  • Very cost-intensive

QR Code or photoTAN with Smartphone App

Works like QR Code, but the reader is replaced by a smartphone app.

 

Advantages

  • Relatively easy to use
  • Good security

 

Disadvantages

  • Potentially complicated delivery and replacement processes

Biometric via Smartphone

A biometric factor such as fingerprint or facial recognition is checked via the smartphone.

 

Advantages

  • Easy to use
  • Good security

 

Disadvantages

  • Smartphone must support biometrics
  • Potentially complicated processes if the smartphone has to be replaced due to a defect or new purchase

FIDO 1

Stands for Fast Identity Online and is based on Public Key Cryptography. A smartphone, USB token or Smartwatch is required for the application. Biometric variants can be used.

 

Advantages

  • Good security
  • Free open standard

 

Disadvantages

  • Usability varies by device
  • Potentially complicated delivery and replacement processes
  • Support can become complex, since a wide variety of devices are in use

FIDO 2

Extends FIDO 1 with authentication in the web browser (WebAuthn) and on the operating system.

 

Advantages

  • Good security
  • Free open standard
  • Increasing support from hardware and software vendors

 

Disadvantages

  • Potentially complicated delivery and replacement processes
  • No support for transaction signing
  • Support can become complex, since a wide variety of devices are in use

E-mail OTP

The one-time password (OTP) is sent by e-mail.

 

Advantages

  • Cheap

 

Disadvantages

  • Moderate security
  • Moderate user-friendliness

Challenge Response Token (C/R token)

Using a hardware token, the user must first insert the ATM card into the device, then type a code on the device and enter the PIN of the card. Finally, a new code is displayed, which in turn must be entered on the PC.

 

Advantages

  • High security

 

Disadvantages

  • Complicated application
  • Complicated delivery and replacement processes
  • Cost-intensive
  • Support complexity

The best choice for your business

You want to set up 2-factor authentication for specific services in your organization, but you don't know which method fits your needs. Or are you already using 2FA but not satisfied with the implementation? Then take a moment to fill out our 2FA questionnaire and you'll receive advice and recommendations that match your information.


The main advantages and disadvantages of these methods can be seen at a glance in the following table.

 

Technology    Security    User-Experience    Management    Costs
Certificate    ++----
TAN lists    ---~
Matrix cards    ~--~
mTan    -~~~
Hardware OTP    +~--
Software OTP    +~~++
Push    +++~+
QR Code with OTP    ++~~~
QR Code without OTP    ++---
Biometric with hardware    ++~---
Biometric with Smartphone    +++~~
FIDO-2    +++~~
FIDO-1    +~---
Automated Call    +~~~
E-Mail OTP    ~~~+
PSE    ++----

Whitepaper Airlock 2FA

The two-factor authentication (2FA, MFA or SCA for short) in the area of IT security offers double the security. In combination with efficient customer identity & access management (cIAM), numerous processes are significantly simplified.

Find out more about strong authentication and the possibilities that Airlock offers in our whitepaper.


Airlock 2FA

Airlock 2FA is integrated into Airlock IAM and makes strong authentication possible with a second factor. Every customer has the management and use of their personal keys on their smartphone (iOS and Android).

Airlock 2FA offers modern authentication methods such as one touch, offline QR code, passcode and passwordless. This user-friendly and future-proof solution is also cost-efficient.

The entire functionality is implemented as a REST API and therefore enables seamless integration into modern single page applications (SPA) and native smartphone apps.


Ergon Informatik AG, +41 44 268 87 00
