This double protection reduces the risk of third parties gaining unauthorized access to sensitive data. However, the website or Internet service must also offer such multi-factor authentication. Large Internet services such as Google, Facebook, PayPal and others have been using such methods for quite some time. A widespread solution in Austria is the mobile phone signature or citizen card, which is used, for example, by public authorities.
A well-known example of two-factor authentication is the combination of the ATM card (possession) and the associated PIN (knowledge). Both components are required to withdraw cash. The same applies to online transfers, where the login data (knowledge) and the TAN (possession) must both be available to release a transfer. Nowadays, most banks have switched from paper TANs to their digital counterparts: SMS (this procedure has different names depending on the bank: smsTAN, mobileTAN, TAC-SMS), TAN generator or digital signature. An smsTAN is typically valid for only a few minutes, which severely limits misuse.
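The following sketch shows how a server can enforce the two factors and the short validity period of an smsTAN when a transfer is released. It is an added example, not code from any bank or from the original page; the class `TanService`, the 5-minute validity, the 6-digit format and the limit of three attempts are assumptions made for illustration.

```python
import hmac
import secrets
import time

TAN_VALIDITY_SECONDS = 300  # assumption: "a few minutes" taken as 5 minutes
MAX_ATTEMPTS = 3            # assumption: attempt limit is not stated on the page


class TanService:
    """Hypothetical service: one TAN per pending transfer, checked on release."""

    def __init__(self):
        self._pending = {}  # transfer_id -> [tan, expires_at, attempts_left]

    def issue(self, transfer_id, now=None):
        now = time.time() if now is None else now
        tan = f"{secrets.randbelow(10**6):06d}"  # 6 random digits from a CSPRNG
        self._pending[transfer_id] = [tan, now + TAN_VALIDITY_SECONDS, MAX_ATTEMPTS]
        return tan  # a real service would send this to the registered phone

    def release(self, transfer_id, login_ok, tan, now=None):
        now = time.time() if now is None else now
        if not login_ok:                      # knowledge factor missing
            return "login required"
        entry = self._pending.get(transfer_id)
        if entry is None:                     # never issued, used up or discarded
            return "no valid TAN"
        expected, expires_at, _ = entry
        if now >= expires_at:                 # validity period is over
            del self._pending[transfer_id]
            return "TAN expired"
        if not hmac.compare_digest(tan.encode(), expected.encode()):
            entry[2] -= 1
            if entry[2] == 0:                 # stop guessing of the 6 digits
                del self._pending[transfer_id]
            return "wrong TAN"
        del self._pending[transfer_id]        # a TAN can be used only once
        return "released"
```

The TAN is stored per transfer, so a code intercepted for one transfer cannot release another, and it stops working once it has been used, has expired or has been guessed wrongly three times.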