Two-factor authentication


Description

Two-factor authentication, the most common type of multi-factor authentication, is an identity checking method for digital services.

In addition to the traditional knowledge proof (i.e. a password), a possession proof is required: the user must present a physical object to be authenticated.

This can be a bank card for an ATM withdrawal, a secure token generator (a standalone device with built-in screen, or a USB key), or a smartphone (and any computing device). In the latter case, a message (e.g. SMS) is sent to the user with a one-time password (OTP), or an app can generate this OTP.

One of these factors can also be replaced by a so-called inherent one, based on biometrics (fingerprint, iris scan, facial recognition, ...).

The additional security provided by this method depends on the factor being used: OTPs on smartphones are arguably less secure than dedicated physical devices. However, in general, it mitigates the consequences of stolen passwords, for instance following a phishing attack.

Use in the airline industry

Authentication is a necessary step with most web services. This is no less true in the airline industry. Therefore, two-factor authentication can help make those services more secure.

In the context of NDC, a potential use case would be the authentication of a passenger for personalized (as opposed to anonymous) shopping.

The main obstacle to the use of this method is the complexity it adds to the user experience. Most services using two-factor authentication leave it as an optional feature.

Key references