2 (Combined) Factor Authentication
2 (Combined) Factor Authentication means combining something that you know, with something that you must produce as a one-time representative value in place of your PIN. This second factor can then be interpreted and verified by the site to which you are connecting. The core idea is that the password or PIN is altered into some form of cipher that is not traceable by anything on the computer.
The two factors usually take the form of a PIN (the something that you know) and a token (the something that you have).
Tokens come in several forms, but are most commonly electronic 'calculator like' devices. These are integrated with common electronic objects such as PDAs, mobile phones and such like, or take the form of plastic cards about the size of a credit card.
The following is a synopsis of the common options. (Please note that the mention of any vendor product is not an endorsement of the product nor an indication of preference on behalf of the author, who is himself involved in 2 Factor Authentication.)
Electronic Tokens: These solutions are very secure. Each user is issued with an electronic token that is designed to go on a keyring, similar to the following:
The user inputs their PIN into the electronic token, which in turn returns a number that is an OTP. This is entered into the site login box and the OTP is validated.
The upside of these tokens is that they provide very good security. The downside is that they are expensive.