Translation of "Two-factor authentication"
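“双/多因素 (身份)验证/认证” ("two-/multi-factor (identity) verification/authentication") should be the literal translation, I think, and quite a few pieces of software and articles are probably using it too. There is also “多因子身份验证” ("multi-factor identity verification"). Yes, these are different wordings, but they basically refer to the same thing.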
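I worry that “双重认证” ("dual authentication") is rather vague, because there are also cases that claim to achieve “多重验证” ("multiple verification") through digital certificates, risk-control systems, and so on. And if we say “..身份验证” ("..identity verification"), maybe users would more easily understand it as "two-step"?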
And why "two factors" only? A now common generalisation is "multifactor authentication" (MFA). 2FA is its minimal implementation that just includes a secondary channel to authorize an authentication actually made on a primary site. And MFA is not limited to the web: it can be used for any service (including hardware) that has some means to perform other checks than just the primary access method. E.g., it can use biometrics like fingerprints, retina, face recognition, or handheld devices (not necessarily connected to the Internet, it could be an RFID chip, possibly implanted in the body, commonly found for authenticating domestic pets, or breed animals in farming, it can also authenticate material devices, or food/beverage, or shipments, or vehicles, and not just people); secondary authentication is not necessarily electronic (e.g. using a third party service in person, or a hardware seal).
The number of mechanisms is not limited, each one having its strengths and weaknesses, but they are difficult to fool simultaneously as the means use very different techniques.
The most common 2FA mechanisms used today are emails (cheapest, but weakest if emails are not themselves strongly signed by certificates or PGP), SMS or voice calls (reliable if the phone operator authenticates the caller/sender, but still not across international boundaries as the routed phone numbers can be arbitrarily set and not all phone operators of the recipient remove faked/unauthenticated caller numbers, due to lack of international support in existing basic ITU protocols used by phone gateways; this is reliable only for domestic calls/messages sent from inside the same country and if the national regulator has enforced this required authentication for all operators, i.e. only inside the European Union and for "geographic" or "mobile" number ranges, excluding special ranges for VoIP and temporary/prepaid mobile numbers and all numbers that are not properly registered in a public diary).