Two-factor authentication (2FA) works by combining two different types of authentication factors from the following categories: something you know (e.g., password, PIN), something you have (e.g., security token, Common Access Card (CAC)), and something you are (e.g., fingerprint, biometrics). Out of typical options, combinations that would work for 2FA include:
- Common Access Card (CAC) and Personal Identification Number (PIN) because this combines a physical card (something you have) with knowledge (something you know).
In contrast, combinations that do not work are:
- Password and PIN (both knowledge factor)
- Fingerprint and facial recognition (both biometric factor)
- Security token and CAC (both something you have, unless considered distinct physical tokens, but generally not recommended as two different factors)
Hence, the best example of a working combination for 2FA is a Common Access Card (CAC) and Personal Identification Number (PIN) because they represent two distinct authentication factors.
