Second-factor authentication

Introduction

With the development of technology, networks play an increasingly important role in society. People need social media to maintain their contacts with friends or colleagues, organizations need a network to share meeting history, and companies need a network to cooperate with third parties. However, every emerging technology comes with problems. One of the serious problems related to data transmission is cybercrime. So much sensitive data is stored in the cloud, and not only the user but also hackers can connect to the server, which means that sensitive data has been at risk ever since the network was born. According to the ACSC (Australian Cyber Security Centre) (2017 p15, pp21 - 22), data leaks or malicious emails accounted for 27% of total cybercrime. Additionally, the number of cybercrimes related to special devices is increasing. Cybercrime is therefore one of the inevitable problems of networks. Recently, an emerging form of authentication, namely second-factor authentication, has come into use on most websites to improve their security. However, compared with traditional authentication (single-factor authentication), what role does second-factor authentication play in businesses? What methods does second-factor authentication have? This article focuses on these questions.

Mitigate the risks

According to the ACSC report on multi-factor authentication (Protect 2017 p1), there is no doubt that, compared to single-factor authentication, multi-factor authentication can provide better protection of sensitive data.
However, different second-factor authentication schemes may bring different advantages or disadvantages to the user. Generally, multi-factor authentication has three benefits that mitigate the risk of a security issue: reducing probability, physical devices and single-use credentials, and remote certification.

Reduce the probability

One of the security problems related to authentication is that some users tend to set a weak password, which can be broken by a brute-force attack. The second password problem in authentication is password reuse (USER AUTHENTICATION TRENDS: BLURRED LIMITS AND NEW METHODS 2018 p2). Nowadays people have different accounts on different websites, and it is difficult for a user to remember a different password for each account. So, many people set the same password on different accounts. Once the password is hacked, the attacker can use it to access all of the user's accounts (Passwords: Threats and Counter-Measures nd). In this case, multi-factor authentication is an effective way to reduce risk. Unlike the password in single-factor authentication, the additional credential in multi-factor authentication is created by the system, which means it should not have any of these authentication problems (Protect 2017 pp1).

Physical device and information

If the key problem with single-factor authentication is password leakage or theft, multi-factor authentication may be the best way to get rid of it. A hacker can use several methods to steal a password, but it is difficult to steal one-time credentials without stealing the user's device (Protect 2017 pp1 - 2). One example is mobile device authentication. When users want to access their account, they need not only an account ID and password but also a one-time PIN received by SMS. Of course, one limitation of this scheme is the user base. If users are poor and do not have a mobile device, the scheme not only makes the system more complex but also leads to an extremely poor user experience.
However, it is expected that by the end of 2018, more than 84% of the population (6.2 billion) will own a mobile device worldwide (Radicati 2014), meaning that the mobile device is already a kind of universal device in the world and that an SMS authentication system can be implemented.

Remote certification

When a multi-factor authentication policy is used in the system, only minimal authentication information is left on the device. In my opinion, in general, hackers can steal data from three sources: the database, data transmission and the private device. If the first benefit describes how multi-factor authentication protects against hackers guessing users' passwords in the database, and the second makes eavesdropping pointless, the last benefit applies to private devices. Even if a thief has stolen the history data on a local computer, he still cannot view or access the user account because he cannot pass the other authentication (Protect 2017 p2). Some may think that employee theft seems quite extreme and only happens in big companies, so there is no need to point out this benefit. If we just need to fight viruses or threats coming from the Internet, why don't we just use a firewall? Actually, that's not true. According to a study conducted by HISCO (Karpp 2017 pp2 & 6), there have been 2.2 million cases of theft worldwide, and 68% of the cases occurred in small or medium-sized businesses over the last four years. Meanwhile, data theft accounts for 18% of total employee theft, and 20% of employee theft cases are due to Internet rule (EMPLOYEE THEFT: WHY IT'S THE ONE OF THE BIGGEST THREATS TO YOUR BUSINESS (AND HOW TO STOP IT) 2017).

Multi-factor authentication scheme

As I mentioned earlier, not all multi-factor authentication schemes are effective for different business systems. Below, the characteristics of multi-factor authentication methods will be discussed.
Generally, multi-factor authentication schemes can be divided into 7 types: universal second-factor security keys; one-time code physical tokens; biometrics; smart cards; mobile applications; SMS, email and voice calls; and software certification (Protect 2017 p2).

Universal 2nd factor security keys

This method is a kind of asymmetric encryption method. When users request access, they need to press the button to send the public key to the service. Then the server checks whether the key is correct and valid by means of the private key. Through this processing, the server can verify the user's identity and grant or deny the access request. In order to implement the method, there are several requirements for the employee and the system. First, the system must be used frequently. Otherwise, it makes little sense for the system to keep a private or public key long term. Secondly, the security key should not be stored on any device, so that it leaves no traces for hackers. Third, the system should send a notification to ensure that users get the most recent security key when the key is updated. If this point is ignored, an authenticated user may not be able to access the document. Meanwhile, when the user's device sends security keys, version information should also be required, which may prevent the user from sending an expired security key. Last but not least, when users lose or misplace keys, they should report the situation as soon as possible, as this may result in leakage of sensitive company data (Protect 2017 p5).

Compared to the previous method, the situation of the single-use physical PIN token is the complete opposite. This method belongs to symmetric encryption, which means that the key used by the server to verify is the same as the key on the user's device. Compared to asymmetric encryption, this encryption can be cracked more easily. To remedy this drawback, the life cycle of the key is shorter than that of the previous one.
Most one-time PIN token policies are quite similar to the previous ones. However, since the one-time PIN is always updated within a short time, the system does not need to notify the user's device. Otherwise, it would be annoying to update customers' keys so frequently. In exchange, the system is required to notify the user of the key when users need to exercise their authentication right (Protect 2017 p5).

Biometrics

As we know, each living being has unique characteristics compared to others. So why don't we use these features as second-factor authentication? When the user wants to view or access data in the cloud, the server asks the user to provide some of their body features to identify the user. Some find this ridiculous because it is difficult to implement. However, this type of method is already used in reality, although it is used to detect crimes rather than for authentication. According to research, the FBI and some countries use biometrics to detect crimes (Kabir & Bose 2017). However, compared to the previous methods, biometrics has its limitations. One of the problems is encryption. Even if people's characteristics differ, they must be converted to digital data. If a hacker listens to the data transmission, he can also obtain the user's characteristic data. In addition, because the biological situation is dynamic, after swimming or growing, the characteristics of some body parts are different from before, which may cause the user's request to be rejected by the server. For this reason, the policy of this method is different from that of the previous methods. The user should receive a notification when the server requires authentication. Then, in addition to biometrics, the system must provide another verification method for when the user cannot use biometrics (Protect 2017 p6).

Smart cards

The smart card belongs to asymmetric encryption. It is a device that has an algorithm and can calculate a dynamic private key or a.