Identity three-factor authentication: Why implement two-factor authentication?


Passwords are fairly easy for hackers to compromise these days. Whilst adding random characters and numbers to a password can help to create a string that is more secure than a standard letter-based password, your users are still not completely secure: if your web application were to come under a dictionary attack, there is every possibility that a password could be guessed. One way in which you can protect your users is to introduce 2 factor authentication, which uses either a one-time code sent to the user's mobile phone or a security device in the user's possession that generates a one-time code, to verify that the person attempting to log in to a particular account is indeed the owner of the account.


Industrial-grade security

2 factor authentication has long been used inside large corporations to control access to their most important applications. Simply letting employees log in with just a username and password isn't appropriate for some applications, such as those where large data sets of personal information are being handled; instead, 2 factor authentication was seen as the most secure way of providing employees with access. In a corporate environment 2 factor authentication is usually implemented using the security token method: employees are provided with a small device that is loaded with an algorithm that generates a one-time code. The one-time code can be based on a number of different factors; examples could include the encryption algorithm being used or the time at which the code is generated. The end-user then inputs the one-time code into the web application that they are logging into. The application contains the algorithm as well, so that it is able to corroborate the code provided against the generation criteria to determine its validity.


Widespread adoption

It may not be a feature that is actively pushed upon end-users, but 2 factor authentication is something that most popular web services have moved to integrate into their systems as a means of creating a more secure environment. Where attacks against popular web services are on the rise, developing a two-tier login architecture will protect your account against any possible breaches. Popular services that you may already be using without being aware that they offer 2 factor authentication include Facebook, LinkedIn and Microsoft accounts.


Easy to integrate

At first it may appear that 2 factor authentication is quite hard to integrate into your web application. You might be wondering how you're meant to integrate SMS verification services into your app, or how a code-generating token might work; however, if you choose to use a third-party service that has these bases covered for you, it can be quite a simple process. Once a third-party service is integrated with your web application, all you need to think about is how you are going to handle the response from the service that indicates whether the user has been successfully authenticated or not; the process of sending SMS messages containing codes or authenticating the codes generated by a secondary device will be taken care of by your chosen service. This makes it easy to give your web applications a massive boost, and even though it costs to implement, the reassurances that you will be able to pass on to your customers are huge.


Translated from: https://www.eukhost.com/blog/webhosting/why-should-i-implement-2-factor-authentication/
