Translation of "Two-factor authentication"
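I would like to unify its translation in Simplified Chinese (zh-hant users are also welcome to give their opinions). It is used in projects such as OATH Auth - User interface.
There are currently many translations and they are not unified; they have changed several times. Taking MediaWiki:Oathauth-secret/zh-hans as an example, it has been “双因素验证”, “双因素身份验证”, “双重身份验证” and so on. Traditional Chinese uses “雙重認證” and so on.
My current personal thinking: “双因素身份验证” is fine as a literal translation, and dropping “身份” to make it more concise is also fine. Last month I tried changing some strings to “双重身份验证” (but did not finish all of them, and some were changed back), considering that this translation may be the easiest to understand: users do not need to understand what a “因素” (factor) is, and simply 双重 (double, i.e. twice) is enough. So far I have not seen “multi-factor” authentication appear, so there is no need to consider it, and “多重身份验证” would be fine too.
Related strings also include “two-factor credentials” and so on, which do not seem to affect the discussion.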
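I feel that 双重认证 would be fine for Simplified Chinese too (Apple), but I remember there is also something called “两步验证”; the English for that should be “Two-step” rather than “Two-factor”?
And to be honest, I have never heard “双因素认证” in any context; I have only seen it translated that way in Wiki.js.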
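“双/多因素 (身份)验证/认证” should be the literal translation, and quite a few software products and articles are probably using it. There is also “多因子身份验证”. Yes, these are different wordings, but they basically refer to the same thing.
I worry that “双重认证” is rather vague, because there are also claims of achieving “多重验证” through digital certificates, risk-control systems and the like. And if we say “..身份验证”, perhaps users would more easily understand it as “two steps”?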
And why "two factors" only? A now common generalisation is "multifactor authentication" (MFA). 2FA is its minimal implementation that just includes a secondary channel to authorize an authentication actually made on a primary site. And MFA is not limited to the web: it can be used for any service (including hardware) that has some means to perform other checks than just the primary access method. E.g., it can use biometrics like fingerprints, retina, face recognition, or handheld devices (not necessarily connected to the Internet, it could be an RFID chip, possibly implanted in the body, commonly found for authenticating domestic pets, or breed animals in farming, it can also authenticate material devices, or food/beverage, or shipments, or vehicles, and not just people); secondary authentication is not necessarily electronic (e.g. using a third party service in person, or a hardware seal).
The number of mechanisms is not limited, each one having its strengths and weaknesses, but difficult to fool simultaneously as the means are using very different techniques.
The most common 2FA mechanisms used today are emails (cheapest, but weakest if emails are not themselves strongly signed by certificates or PGP), SMS or voice calls (reliable if the phone operator authenticates the caller/sender, but still not across international boundaries as the routed phone numbers can be arbitrarily set and not all phone operators of the recipient remove faked/unauthenticated caller numbers, due to lack of international support in existing basic ITU protocols used by phone gateways; this is reliable only for domestic calls/messages sent from inside the same country and if the national regulator has enforced this required authentication for all operators, i.e. only inside the European Union and for "geographic" or "mobile" number ranges, excluding special ranges for VoIP and temporary/prepaid mobile numbers and all numbers that are not properly registered in a public diary).