Two-factor authentication in Intro to Computing - Real World Applications

Imagine you want to enter a very secure building. To get inside, you need two things: a key card and a secret code. The key card is something you carry, like a physical object. The secret code is something only you know, like a password. Even if someone steals your key card, they cannot enter without the secret code. And if someone guesses your secret code, they still need your key card to get in. This double check makes the building much safer.

Imagine you work in a company with a secure office. Every morning, you arrive and swipe your key card at the door. The door then asks you to enter your secret code on a keypad. You type your code, and the door unlocks. If you forget your key card at home, you cannot enter even if you know the code. If someone finds your key card but does not know your code, they also cannot enter. This way, your workplace stays safe from strangers.

• The analogy shows physical keys and codes, but in computing, the second factor can be a text message, fingerprint, or app notification, which are not physical keys.
• In real life, key cards can be duplicated; in computing, some second factors are harder to copy.
• The analogy assumes the secret code is always secret, but in computing, passwords can be stolen or guessed, so additional protections exist.
• The building analogy is static, but in computing, two-factor authentication can happen remotely over the internet.

In our analogy, if someone steals your key card but does not know your secret code, can they enter the building?