I am doing a HIPAA application soon and it requires 2 factor authentication. Can anyone give me an example? I am thinking a secure login and then a form that requires the user to enter their birth date or something.
Thanks, Darren
There are 3 general types of factors:
You need to pick from 2 of these 3 categories to have true 2-factor authentication.
2-factor authentication usually requires something the user knows, like a password, and a token from something the user has, like a SecurID fob, or nowadays maybe a biometric identifier, like a fingerprint reader.
A password & birthday, while being two distinct things, are both known items and wouldn't constitute a proper 2-factor identification.
See this article or search for information using "2 factor authentication"; Google and Bing both show lots of references.
What you're describing (password + verification input) is still single factor authentication.
Two factor authentication also requires something the user has in their possession (smart card, dongle, etc.)
Three factor authentication (for completeness) is all of the above plus some sort of biometric input from the user (fingerprint, retinal scan, hand geometry).
2FA will be a simple one-time password as hardware or software (mobile, PC), and we have done a few deployments of 2FA tokens for HIPAA compliance.
CryptoPhoto is a very easy to use "Strong Authentication" 2FA solution, with additional protection against phishing and other threats. You don't have to ship expensive hardware gadgetry to end users either - it's a fully self-contained solution.