Multi-Factor Authentication is generally required to access CMS sensitive data. Multi-Factor Authentication uses a combination of two (or more) different token attributes (also known as factors), to authenticate the user.
• The first is what users know. This is usually a password, but this can also include a user response to a secret challenge question. (This is generally known as Knowledge Based Authentication and, by itself, is insufficient for authentication to most CMS sensitive information.)
• The second is what users have. This could be a physical object (hard token), for example, a smart card, or hardware token that generates one-time-only passwords. It might also be some encrypted software token (soft token) installed on an individual’s system (usually with very limited functional parameters for use).
• The third is who users are, as indicated by some biometric characteristic, such as a fingerprint or an iris pattern.
Two-factor authentication means that instead of using only one single type of authentication token or factor, such as only things a user knows (passwords, shared secrets, solicited personal information, etc.), a second token or factor, something the user has or something the user is, must also be supplied in order to complete the authentication process.