Skip to main content

Use TrustID® certificates for two-factor authentication to access computers and certificate-enabled software applications

It is important to know how two-factor authentication works and how you can use digital certificates to replace traditional user name and password methodology to control access to hardware and certificate-enabled software applications and web servers.

Two-factor authentication, also known as 2FA, typically replaces a user name and password login process as a stronger method of protecting access to PCs and laptops and introducing stronger authentication before allowing access to critical business data and software applications.

Identity-based certificate:  In order to enforce two-factor authentication, the digital certificate that is used must be an identity-based certificate.  This means that the identity of the individual must be vetted by an accredited Certification Authority (CA) before the certificate can be issued to the applicant.

Two-factor authentication:  Is defined as using something that you have in combination with something that you know in order gain physical or logical access to something. When using identity-based digital certificates for two-factor authentication, the certificate is stored in a hardware device (i.e., smart card or USB token), which is password protected.

Factor One (1): The first factor is the hardware password that only you should know. This password is used to access the certificate that is stored on your hardware device.

Factor Two (2): The second factor is the hardware that stores your certificate and which only you should have possession.

When used in combination, two-factor authentication is achieved.

Use cases for two-factor authentication: Various government agencies also require two-factor authentication in order to access secure government agency websites and/or to fulfill government regulations for initiating transactions, such as DEA-compliant Electronic Prescriptions for Controlled Substances (EPCS).

IdenTrust offers a combination of products and services to support deployment of two-factor authentication. Learn more about Two-Factor Authentication.

TrustID® Individual Identity Certificates

TrustID | Basic Assurance | Individual Identity | Software Storage Certificates: This moderately priced certificate is perfect for applicants who wish to be able to provide proof of identity, and can be used for various digital transactions, including securing email communications via digital signing and/or encryption.  Recipients of emails digitally signed with a TrustID | Individual Identity certificate can be assured that the email was initiated by you and has not been intercepted by a fraudster.

The TrustID | Medium Assurance | Individual Identity | Hardware Storage | Trusted By Adobe® certificate option stored on a USB token or smart card is Adobe® AATL Enabled, making the digital signature instantly trusted whenever signed documents are opened in Adobe Acrobat® or Reader® software, and can be used to sign unlimited number of PDF documents.   

  • Authenticate the certificate holder as the individual to which the certificate has been issued
  • Are used to digitally sign and encrypt email communications
  • Can be stored in your PC browser (Software Storage) for use on a single PC or on a smart card or USB token (Hardware Storage) for greater security and use on multiple PCs
  • Rely on automated validation of the applicant’s provided information with activation materials  returned via U.S. postal mail to the validated address of the applicant
  • Are available to enterprise customers and U.S. applicants
  • Are valid for one (1) or three (3) years based on user selection

TrustID® Business Identity Certificates

TrustID | Medium Assurance | Business Identity | Software Storage Certificates: This certificate is offered to individuals who wish to provide proof of identity, as well as affiliation with the business entity with whom they are associated. These certificates can be used for various business purposes, including securing email communications via digital signing and/or encryption.  Recipients of emails digitally signed with a TrustID business certificate can be assured that the email was initiated by you, as a representative of your affiliated business entity and has not been intercepted by a fraudster.

TrustID | Medium Assurance | Business Identity | Hardware Storage | Trusted By Adobe® certificates offer the same benefits of TrustID | Medium Assurance | Business Identity | Software Storage certificates but are stored in a USB token or smart card, are Adobe® AATL Enabled, making the digital signature instantly trusted whenever signed documents are opened in Adobe Acrobat® or Reader® software, and can be used to sign unlimited number of PDF documents.

  • Authenticate the certificate holder as the individual to which the certificate has been issued, as well as their affiliation with the business entity named in the certificate
  • Are used to digitally sign and encrypt email communications
  • Authenticate you as an individual who is affiliated with an identified business or other organization
  • Can be stored in your PC browser for use on a single PC (Software Storage) or on a smart card or USB token (Hardware Storage) for greater security and use on multiple PCs
  • Are available to enterprise customers and U.S. and Canadian applicants
  • Are valid for one (1) or three (3) years based on user selection

Please note that TrustID business certificates require that the certificate applicant provide notarized business forms to ensure that eligibility to represent the affiliated business entity.  Validation of applicant provided information is automated for TrustID | Medium Assurance | Business Identity | Software Storage certificates and in-person via public notary for TrustID | Medium Assurance | Business Identity | Hardware Storage | Trusted By Adobe® certificates. A manual review of the business form is required before business certificates can be approved.  Activation materials are returned via U.S. postal mail to the validated address of the applicant.


Use our Certificate Selection Wizard to assist with your purchase of a publicly trusted TrustID certificate.