In critical and sensitive applications such as financial transactions, one authentication method is not enough. Hence the term 2FA (Two-Factor Authentication): an authentication system that uses two different factors (methods). The four authentication methods I described earlier can be combined to improve security; one example is the combination of "something you have" in the form of an ATM card with "something you know" in the form of a PIN. This is the most widely used combination.
Another example is when you shop at a modern market and pay by card: without realizing it, you are using more than one authentication factor. The first factor is "Something You Have", your debit/credit card. The second factor is "Something You Know", when you are prompted to enter a PIN into the EDC. In fact, there may be a third factor, "Something You Can", when you are asked to sign the payment slip printed by the EDC.
Internet banking also uses two-factor authentication, combining "something you know" in the form of a password with "something you have" in the form of a hardware token (KeyBCA or Token Mandiri).
Passwords Issued by Internet Banking Tokens
Generally there are two modes of internet banking token usage:
1. Challenge/Response Mode (C/R)
This is the mode most often used for transactions. In this mode the server provides a challenge in the form of a series of digits. This number must be entered into the token device to obtain an answer (response). The user then enters the number shown on the token into the form on the internet banking site. The token issues a different code even for the same challenge, changing periodically depending on the time at which the challenge is entered into the token.
2. Self Generated Mode (Response Only)
In this mode the server does not provide a challenge of any kind. The user can have the token issue a series of digits directly, without entering a challenge. As in C/R mode, the token issues a different code periodically, depending on the time at which it is asked to generate the self-generated code.
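The two modes above, sketched from both the token side and the server side. This is an added example, not code from the original article or from any bank's token. The page does not say which algorithm the tokens use, so the HMAC-SHA1 truncation (in the style of RFC 4226/6238), the 30-second window, the 6-digit length, the drift tolerance and all function names are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 30    # assumed: seconds per time window
DIGITS = 6   # assumed: length of the displayed code

def _code(secret, window, challenge):
    """HMAC-SHA1 over time window + challenge, truncated as in RFC 4226."""
    msg = struct.pack(">Q", window) + challenge.encode()
    mac = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def token_response(secret, now, challenge=""):
    """Token side: empty challenge is self-generated mode, otherwise C/R."""
    return _code(secret, int(now // STEP), challenge)

def server_verify(secret, submitted, now, challenge="", drift=1, used=None):
    """Server side: tolerate clock drift of +/- `drift` windows, refuse replays."""
    used = set() if used is None else used
    current = int(now // STEP)
    for window in range(current - drift, current + drift + 1):
        if hmac.compare_digest(_code(secret, window, challenge), submitted):
            if (window, challenge) in used:
                return False          # code already consumed once
            used.add((window, challenge))
            return True
    return False

if __name__ == "__main__":
    seed = b"12345678901234567890"   # RFC 6238 published test key, not a real seed
    chal = "482913"                  # constructed challenge
    seen = set()
    code = token_response(seed, 1000, chal)
    print("C/R code:", code)
    print("accepted:", server_verify(seed, code, 1010, chal, used=seen))
    print("replayed:", server_verify(seed, code, 1010, chal, used=seen))
    print("expired :", server_verify(seed, code, 1100, chal, used=seen))
    print("self-generated:", token_response(seed, 59))
```

Binding the time window into the response is what makes a captured code useless after a short interval, and the `used` set closes the remaining gap by refusing the same code twice within its validity window.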