PCI DSS 8.3 – Two-factor authentication

What is two-factor authentication?


Two-factor authentication provides unambiguous identification of users by combining two different components. These components may be something that the user knows, something that the user possesses or something that is inseparable from the user. A good example from everyday life is withdrawing money from a cash machine. Only the correct combination of a bank card (something that the user possesses) and a PIN (personal identification number, i.e. something that the user knows) allows the transaction to be carried out. Two-factor authentication is a type of multi-factor authentication.

Two-factor authentication providers


Google Authenticator

– Toopher Authentication (https://www.toopher.com/)
– Google Authenticator (code.google.com/p/google-authenticator/)
– Pin Grid Authentication (http://pingrid.org/downloads.html)
– Transakt Authentication (http://gettransakt.com/transakt/)
– Microsoft Authenticator App (http://www.windowsphone.com/en-us/store/app/authenticator)
– Duo Security Authentication (https://www.duosecurity.com/editions)


RSA SecurID

– RSA SecurID (www.tokenguard.com/)
– Vasco DIGIPASS (https://www.vasco.com/)
– Yubikey (http://www.yubico.com)
– Gridsure (http://gridsure-security.co.uk)