Infoprotector

How to add a fingerprint reader as a second factor to Windows login in OpenText Advanced Authentication

What is a second authentication factor?

A second authentication factor is an additional element used to confirm the user’s identity during login. Its purpose is to increase access security by adding another layer of protection on top of the password alone.

In practice, this means that entering the correct password is not enough to gain access. The user must also confirm their identity in a second way – for example by using a fingerprint, phone, hardware key, or one-time code.

Authentication factors most often fall into one of three categories:

  • something the user knows – for example a password,
  • something the user has – for example a phone or security key,
  • something the user is – for example a fingerprint or another biometric trait.

Thanks to this, even if a password is discovered by an unauthorized person, it is not enough on its own to log in to the system. This is exactly why a second authentication factor is now one of the most important elements of access protection.

In this material, we focus on a scenario in which the second factor is a fingerprint reader used during Windows login.

What does the video show?

The video presents a practical scenario of using OpenText Advanced Authentication to secure Windows login with biometrics.

The process begins by entering the user portal, where available authentication methods can be managed. Next, the fingerprint reader is added as a new method, and finally the video shows Windows login using the authentication chain configured earlier.

This is a good example of how MFA can work not only for access to applications or web systems, but also directly during login to a computer.

Adding a fingerprint reader as a second factor – step by step

  1. Logging in to the user portal
    The process begins by logging in to the user portal in OpenText Advanced Authentication. This is where the user can review available login methods and manage the ones that are already active.

The video shows that several methods are available in the environment, and one of them – a FIDO2 key – has already been added. This shows that the system allows the use of many different authentication mechanisms depending on the adopted security policy.

  2. Reviewing available authentication methods
    After entering the portal, the user sees a set of available methods. The video emphasizes that the list visible in a given environment does not have to include all the system’s capabilities – OpenText Advanced Authentication offers more methods, but their availability depends on the deployment configuration.

This is important because it shows the flexibility of the platform. The administrator can make available to users only those methods that are consistent with the organization’s policy.

  3. Adding the fingerprint reader
    The next step is starting the process of adding a new biometric method. In this scenario, the user selects the fingerprint reader as the second authentication factor.

The system asks which finger should be scanned. In the example shown, the index finger is selected. The user then places their finger on the reader, and the system captures the biometric template.

  4. Confirming that the fingerprint was read correctly
    After the fingerprint is scanned, the system informs the user that the data has been read correctly. In the video, a green signal appears confirming that the operation was successful.

This is an important moment because it means that the method has been captured correctly and can be saved as an active authentication factor.

  5. Saving the new method
    After the biometric data has been read successfully, the user saves the new method. From that moment on, the fingerprint reader is available in the system as one of the login methods.

In practice, this means that the user can now use it in the authentication chain configured for Windows access.

  6. Moving to Windows login
    After the method enrollment is completed, the video moves on to the actual workstation login scenario in Windows.

This is where the practical value of the whole process becomes most visible – the newly added method does not remain just an entry in the user portal, but actually takes part in logging in to the operating system.

  7. Selecting the appropriate authentication chain
    During login, the user sees several available authentication chains. In the video, the one configured with the newly added second factor is selected.

In this case, login consists of two elements:

  • the standard Windows password, based on Active Directory / LDAP,
  • and the fingerprint reader.

This is a classic example of MFA, where the first factor is based on something the user knows, and the second on a biometric characteristic.

  8. Confirming identity with a fingerprint
    After entering the password, the system asks the user to place their finger on the reader. The user performs this step, and OpenText Advanced Authentication verifies the biometric second factor.

After the fingerprint is read successfully, the user is authenticated and gains access to Windows.

This is the moment that best shows how workstation login protected by a second factor works in practice.

Why is it worth protecting Windows login with a second factor?

In many organizations, computer login is still based solely on a password. This is convenient, but from a security perspective it is often not enough – especially in environments where users have access to corporate data, internal systems, or particularly sensitive resources.

Adding a second factor, such as a fingerprint reader, offers several important benefits:

  • it increases login security,
  • it makes unauthorized access to the workstation more difficult,
  • it reduces the risk associated with relying on the password alone,
  • it improves user convenience compared to some other MFA methods,
  • it makes it possible to combine security with a fast and simple login process.

Biometrics are especially attractive wherever a balance between protection and everyday convenience is important.

What should you pay attention to when deploying this method?

Although the scenario itself looks simple, in practice it is worth taking care of several elements:

  • proper configuration of available methods in OpenText Advanced Authentication,
  • correct preparation of authentication chains,
  • compatibility of the fingerprint reader with the environment being used,
  • clear rules for users regarding the enrollment of biometric methods,
  • consistent integration of Windows login with the organization’s MFA policy.

This ensures that the deployment is not just a one-off technology demonstration, but a real improvement in security.
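The chain-preparation point above can be checked mechanically. The following is an added example, not code from the article or from OpenText: it audits the chains offered for one logon event against the three factor categories described earlier, on the assumption that the user chooses which offered chain to use, so every chain must combine two different categories. The chain inventory and the "Security Questions" method are constructed sample data.

```python
# Added example: audit authentication chains offered for a logon event.
# Chain and method names are constructed sample data, not an export
# from OpenText Advanced Authentication.

# Factor category per method, following the article's three categories.
FACTOR_CATEGORY = {
    "LDAP Password": "knowledge",
    "Security Questions": "knowledge",  # hypothetical extra method
    "FIDO2": "possession",
    "Fingerprint": "inherence",
}

# Constructed inventory: chains offered for Windows login.
WINDOWS_LOGON_CHAINS = {
    "Password + Fingerprint": ["LDAP Password", "Fingerprint"],
    "Password + FIDO2": ["LDAP Password", "FIDO2"],
    "Password + Questions": ["LDAP Password", "Security Questions"],
    "Password only": ["LDAP Password"],
}


def chain_categories(methods):
    """Return the set of distinct factor categories a chain requires."""
    unknown = [m for m in methods if m not in FACTOR_CATEGORY]
    if unknown:
        # Refuse to guess: an unclassified method needs manual review.
        raise ValueError(f"unclassified methods: {unknown}")
    return {FACTOR_CATEGORY[m] for m in methods}


def audit_event(chains):
    """Map each chain name to a finding; 'ok' means two or more categories."""
    findings = {}
    for name, methods in chains.items():
        cats = chain_categories(methods)
        if len(methods) < 2:
            findings[name] = "single method"
        elif len(cats) < 2:
            findings[name] = "same category twice: " + ", ".join(sorted(cats))
        else:
            findings[name] = "ok"
    return findings


def event_is_mfa(chains):
    """Every offered chain must pass, because the user picks the chain."""
    return bool(chains) and all(v == "ok" for v in audit_event(chains).values())


if __name__ == "__main__":
    for chain, finding in audit_event(WINDOWS_LOGON_CHAINS).items():
        print(f"{chain:24} {finding}")
    print("event enforces MFA:", event_is_mfa(WINDOWS_LOGON_CHAINS))
```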

Summary

The video shows that OpenText Advanced Authentication makes it easy to add a fingerprint reader as a second factor for Windows login. The user goes through the method enrollment process in the portal, saves the biometric data, and then uses it during login to the computer together with the standard password.

This is a practical example of MFA deployment on a workstation – using a method that is both secure and convenient in everyday use.

Training 3:
How to add a fingerprint reader as a second factor for Windows login in OpenText Advanced Authentication