多因素验证在任何组织中都具备一项重要的功能 - 保证企业网络访问的安全、保护用户身份资料，以及确保用户没有被盗用。

多因素验证可确保用户的身份准确性。用于确定个体身份的因素越多，真实性就越可靠。

您可通过组合以下因素进行多因素验证：

• 您知道的东西 – 密码或 PIN
• 您拥有的东西 – 令牌或智能卡（双因素验证）
• 您自身的东西 – 生物特征，如指纹（三因素验证）

因为多因素验证安全需要登录时提供多种识别方式，所以被公认为数据和应用程序访问授权的最安全软件身份认证方法。

Open Authentication

HOTP

An HMAC-Based OTP Algorithm - RFC4226 TXT HTML PDF

TOTP

Time-based One-time Password Algorithm - RFC6238 TXT HTML PDF

Google authenticator - https://github.com/google/google-authenticator
Google authenticator android - https://github.com/google/google-authenticator-android
Go lang implemention - https://cloudbook.wiki/go/totp.md

Install Google Authenticator - https://support.google.com/accounts/answer/1066447

OCRA

OATH Challenge/Response Algorithms Specification - RFC6287 TXT HTML PDF

The Mission of the FIDO Alliance is to change the nature of online authentication by:

• Developing technical specifications that define an open, scalable, interoperable set of mechanisms that reduce the reliance on passwords to authenticate users.
• Operating industry programs to help ensure successful worldwide adoption of the Specifications.
• Submitting mature technical Specification(s) to recognized standards development organization(s) for formal standardization.

Buy FIDO U2F from Amazon

Buy FIDO U2F from Taobao

Security Keys: Practical Cryptographic Second Factors for the Modern Web

1. 一次成功的漫游京东内部网络的过程 - http://www.wooyun.org/bugs/wooyun-2014-055438

1. https://twofactorauth.org/
2. https://www.openauthentication.org/
3. https://en.wikipedia.org/wiki/Two-step_verification
4. https://itservices.stanford.edu/service/webauth/twostep
5. http://www.brown.edu/information-technology/announcements/two-step-verification
6. https://fidoalliance.org/
7. http://cn.safenet-inc.com/multi-factor-authentication/
8. https://www.cyberscoop.com/google-fido-alliance-keystick-2fa-second-factor-otp/
9. https://research.google.com/pubs/pub45409.html