What is two-factor authentication (2FA)?

Two-factor authentication (2FA) is an essential security measure designed to enhance the protection of online accounts by requiring two distinct forms of verification. It is a subset of multi-factor authentication (MFA), which uses multiple layers of security to ensure that only authorised users can access their accounts.

Regulatory Background:

The Securities and Exchange Board of India (SEBI) emphasised the importance of robust cybersecurity measures for stockbrokers and depository participants in a circular released on December 3rd, 2018. This directive aimed to protect the integrity of data and prevent privacy breaches. As of September 30th, 2022, brokers across the industry implemented various forms of 2FA to comply with these regulations.

Factors in Two-Factor Authentication:

2FA requires at least two of the following distinct factors to authenticate a user:

1. What a Person Knows:
   - This includes information known only to the user, such as a Personal Identification Number (PIN) or Date of Birth (DOB).

2. What a Person Doesn't Know and is Random:
   - This includes randomly generated codes, such as a One-Time Password (OTP) or Time-based One-Time Password (TOTP).

3. What a Person Has in Their Possession:
   - This includes physical devices that the user possesses, such as a smartphone, smartcard, or hardware token.

4. What a Person Is:
   - This involves biometric verification, such as fingerprint, facial recognition, or voice recognition.

Examples and Clarifications:

- Valid 2FA Combinations:
  - A valid 2FA setup might include an OTP sent to the user's phone (something they have) and a PIN (something they know).
  - Another valid combination could be using a biometric scan (something they are) along with a hardware token (something they have).

- Invalid 2FA Combination:
  - Using just a Date of Birth (DOB) and a PIN is not considered valid 2FA. Both pieces of information fall under the "what a person knows" category and, thus, do not meet the requirement of having two distinct types of factors.

