Comparison of 2FA methods

The technical options for multi-factor authentication (MFA) are versatile and range from paper-based solutions such as TAN lists to hardware-based procedures such as QR Code with reader to the retrieval of biometric data on a smartphone.

In the following overview, we present the various procedures with their advantages and disadvantages. In addition, the table below provides a comparison of the various methods with regard to the criteria of security, user-experience, management and costs. Based on your individual weighting of these factors, you can easily see in our comparison which authentication methods come into question for you.

Certificate (PKI)

The 2nd factor is provided by a unique certificate. This can be done for example via USB token, smartcard or also via a PKI soft token.

A distinction is made between Corporate PKI for internal company implementation and Public PKI such as SuisseID.

Advantages

Suitable for the workplace

Disadvantages

Not suitable for the masses
Poor user experience due to additional hardware required
Complex management
Exchange processes of expired certificates or smartcards require high administrative effort and costs

Personal Security Environment Token (PSE)

Works like PKI smart card with hardened user interface.

Advantages

High security

Disadvantages

Complicated application
Complicated delivery and replacement processes
Support complex
Very cost-intensive

TAN lists

The user receives a letter with a list of Tan Codes, which are only valid once. By entering the code, the second factor is provided.

Advantages

Inexpensive, affordable
Simply

Disadvantages

no longer permitted by law, at least not in payment transactions
Backward user experience
Moderate security

Matrix cards

Similar to TAN lists.

Advantages

Inexpensive, affordable
Simply

Disadvantages

no longer permitted by law
Lack of user experience
Moderate security

mTAN/SMS-TAN

In order to use this procedure, the user needs a PC and a mobile phone with SMS function and must register the mobile phone number with the supplier. A TAN is sent by SMS, which the user must enter as the 2nd factor.

Advantages

Simply
Good replacement processes when changing phones

Disadvantages

No SMS reception guarantee
This procedure can become very expensive if there are a large number of users and many transactions.
In addition, security is no longer guaranteed because the text messages are not encrypted but transmitted in plain text.

Hardware OTP

OTP stands for One-Time Password. Here the user is given a small hardware token that generates a new one-time password every 60 seconds.

Advantages

Usage relatively simple
High security

Disadvantages

The device must be shipped and replaced if defective.
Cost-intensive
Application a little tedious
Without a hardware token no login can take place.

Software OTP

Like hardware OTP, but the hardware token is replaced by a smartphone app.

Advantages

Relatively easy to use
No hardware
Good security

Disadvantages

Application a little tedious
Possibly complicated replacement processes
Only possible with Smartphone

Push Notification

Via push to a special smartphone app, the user either receives a message which he can simply confirm or reject, or he receives a transaction code, also called pushTAN, which he has to enter.

Advantages

Application very simple
Also suitable for transaction approval
Good security
No code typing required for online release
With WLAN also without mobile network

Disadvantages

Only possible with Smartphone
Frequent data protection problems with push services that are processed via American clouds

QR Code or photoTAN with reader (separate hardware)

With a special reader with camera and display, a displayed QR code is scanned. The transaction code then shown on the display can be used to login or approve an transaction.

Advantages

Easy to use
WYSIWYS principle (What you see is what you sign).
High security.

Disadvantages

The reader must be shipped and replaced if broken.
Battery replacement required.
The user must have his reader with him.
Very cost-intensive

QR Code or photoTAN with Smartphone App

Works like QR Code, but the reader is replaced by a smartphone app.

Advantages

Relatively easy to use
Good security

Disadvantages

Potentially complicated delivery and replacement processes

Biometrical via Smartphone

A biometrical factor such as fingerprint or facial recognition is checked via the smartphone.

Advantages

Easy to use
Good security

Disadvantages

Smartphone must support biometrics
Potentially complicated processes if the smartphone has to be replaced due to a defect or new purchase

FIDO 1

Stands for Fast Identity Online and is based on Public Key Cryptography. A smartphone, USB token or Smartwatch is required for the application. Biometric variants can be used.

Advantages

Good security
Free open standard

Disadvantages

Usability varies by device
Potentially complicated delivery and replacement processes
Support can become complex, since a wide variety of devices are in use

FIDO 2

Extends FIDO 1 with authentication in the web browser (WebAuthN) and on the operating system.

Advantages

Good security
Free open standard
Increasing support from hardware and software vendors

Disadvantages

Potentially complicated delivery and replacement processes
No support for transaction signing
Support can become complex, since a wide variety of devices are in use

E-mail OTP

The one-time password (OTP) is sent by e-mail.

Advantages

cheap

Disadvantages

Moderate security
Moderate user-friendliness

Challenge Response Token (C/R token)

Using a hardware token, the user must first insert the ATM card into the device, then type a code on the device and enter the pin code of the card. Finally, a new code is displayed, which in turn must be entered on the PC.

Advantages

High security

Disadvantages

Complicated application
Complicated delivery and replacement processes
Cost-intensive
Support complexity

The best choice for your business

You want to set up 2-factor authentication for specific services in your organization, but you don't know which method fits your needs. Or are you already using 2FA but not satisfied with the implementation? Then take a moment to fill out our 2FA questionnaire and you'll receive advice and recommendations that match your information.

To the 2FA questionnaire

The main advantages and disadvantages of these methods can be seen at a glance in the following table.

Technology	Security	User- Experience	Management	Costs
Certificate	++	--	-	-
TAN lists	-	-	-	~
Matrix cards	~	-	-	~
mTan	-	~	~	~
Hardware OTP	+	~	-	-
Software OTP	+	~	~	++
Push	+	++	~	+
QR Code with OTP	++	~	~	~
QR Code without OTP	+	+	-	--
Biometric with hardware	++	~	-	--
Biometric with Smartphone	+	++	~	~
FIDO-2	++	+	~	~
FIDO-1	+	~	-	--
Automated Call	+	~	~	~
E-Mail OTP	~	~	~	+
PSE	++	-	-	--

Whitepaper Airlock 2FA

The two-factor authentication (2FA, MFA or SCA for short) in the area of IT security offers double the security. In combination with efficient customer identity & access management (cIAM), numerous processes are significantly simplified.

Find out more about strong authentication and the possibilities that Airlock offers in our whitepaper.

Request 2FA whitepaper

Airlock 2FA

Airlock 2FA is integrated into Airlock IAM and makes strong authentication possible with a second factor. Every customer has the management and use of their personal keys on their smartphone (iOS and Android).

Airlock 2FA offers modern authentication methods such as one touch, offline QR code, passcode and passwordless. This user-friendly and future-proof solution is also cost-efficient.

The entire functionality is implemented as a REST API and therefore enables seamless integration into modern single page applications (SPA) and native smartphone apps.

Airlock 2FA