http://wiki.cas.mcmaster.ca/index.php?action=history&feed=atom&title=Two-factor_AuthenticationTwo-factor Authentication - Revision history2026-04-07T01:13:58ZRevision history for this page on the wikiMediaWiki 1.15.1http://wiki.cas.mcmaster.ca/index.php?title=Two-factor_Authentication&diff=2555&oldid=prev24.57.202.252 at 05:09, 16 April 20082008-04-16T05:09:57Z<p></p>
<table style="background-color: white; color:black;">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 05:09, 16 April 2008</td>
</tr>
<tr><td colspan="2" class="diff-lineno">Line 29:</td>
<td colspan="2" class="diff-lineno">Line 29:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>In summary, the main benefits compared to magnetic stripe cards are the increased storage of memory and improved security. </div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>In summary, the main benefits compared to magnetic stripe cards are the increased storage of memory and improved security. </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div>==Biometrics==</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">=</ins>==Biometrics<ins class="diffchange diffchange-inline">=</ins>==</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>Biometrics uses a person's biological traits in order to ensure their identity [4]. It provides a unique identification method for each person that every person will always have. However, there have not been any completely accurate systems been creates as of yet [2]. Using multiple biometrics, such as face, speech and fingerprint, can improve accuracy, but is still not completely accurate [4]. </div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>Biometrics uses a person's biological traits in order to ensure their identity [4]. It provides a unique identification method for each person that every person will always have. However, there have not been any completely accurate systems been creates as of yet [2]. Using multiple biometrics, such as face, speech and fingerprint, can improve accuracy, but is still not completely accurate [4]. </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>An approach known as '''biohashing''' has been shown to produce a near 100% accuracy [2]. It uses biometrics along with a pseudo-randomized number that the person will know. It uses the number in mathematical formulae along with the biometric data to authorize the person in question [2]. </div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>An approach known as '''biohashing''' has been shown to produce a near 100% accuracy [2]. It uses biometrics along with a pseudo-randomized number that the person will know. It uses the number in mathematical formulae along with the biometric data to authorize the person in question [2]. </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div>==One-time password token==</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">=</ins>==One-time password token<ins class="diffchange diffchange-inline">=</ins>==</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>These tokens generate pseudo-random numbers that match up with the system that is trying to authenticate the person. The person in question will have a device that outputs these numbers. It gets rid of the problem of stolen passwords as long as the device itself is not stolen. </div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>These tokens generate pseudo-random numbers that match up with the system that is trying to authenticate the person. The person in question will have a device that outputs these numbers. It gets rid of the problem of stolen passwords as long as the device itself is not stolen. </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<!-- diff generator: internal 2026-04-07 01:13:58 -->
</table>24.57.202.252http://wiki.cas.mcmaster.ca/index.php?title=Two-factor_Authentication&diff=2554&oldid=prev24.57.202.252 at 05:09, 16 April 20082008-04-16T05:09:32Z<p></p>
<table style="background-color: white; color:black;">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 05:09, 16 April 2008</td>
</tr>
<tr><td colspan="2" class="diff-lineno">Line 28:</td>
<td colspan="2" class="diff-lineno">Line 28:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>In summary, the main benefits compared to magnetic stripe cards are the increased storage of memory and improved security. </div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>In summary, the main benefits compared to magnetic stripe cards are the increased storage of memory and improved security. </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">==Biometrics==</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">Biometrics uses a person's biological traits in order to ensure their identity [4]. It provides a unique identification method for each person that every person will always have. However, there have not been any completely accurate systems been creates as of yet [2]. Using multiple biometrics, such as face, speech and fingerprint, can improve accuracy, but is still not completely accurate [4]. </ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">An approach known as '''biohashing''' has been shown to produce a near 100% accuracy [2]. It uses biometrics along with a pseudo-randomized number that the person will know. It uses the number in mathematical formulae along with the biometric data to authorize the person in question [2]. </ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">==One-time password token==</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">These tokens generate pseudo-random numbers that match up with the system that is trying to authenticate the person. The person in question will have a device that outputs these numbers. It gets rid of the problem of stolen passwords as long as the device itself is not stolen. </ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>==Drawbacks==</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>==Drawbacks==</div></td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div>In an online article <del class="diffchange diffchange-inline">(source) </del>by <del class="diffchange diffchange-inline">(BLAH)</del>, he points out that two-factor authentication does not address current problems. He states that the multi-factor approach is still vulnerable to Trojan viruses and man-in-the-middle attacks. </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>In an online article by <ins class="diffchange diffchange-inline">Bruce Schneier</ins>, he points out that two-factor authentication does not address current problems. He states that the multi-factor approach is still vulnerable to Trojan viruses and man-in-the-middle attacks. </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>In the article, it gives an example about how some banks are now using cell phones to authenticate their customers via text messages. This means that the user can login to their account from a computer using two factors instead of one, which is much harder to duplicate. However, in a man-in-the-middle attack, the man in the middle just has to wait for the user to input the information, intercept it, and then forward it along to the bank. The Trojan just waits for the person to log in and can hijack the session. </div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>In the article, it gives an example about how some banks are now using cell phones to authenticate their customers via text messages. This means that the user can login to their account from a computer using two factors instead of one, which is much harder to duplicate. However, in a man-in-the-middle attack, the man in the middle just has to wait for the user to input the information, intercept it, and then forward it along to the bank. The Trojan just waits for the person to log in and can hijack the session. </div></td></tr>
<!-- diff generator: internal 2026-04-07 01:13:58 -->
</table>24.57.202.252http://wiki.cas.mcmaster.ca/index.php?title=Two-factor_Authentication&diff=2553&oldid=prev24.57.202.252 at 04:18, 16 April 20082008-04-16T04:18:14Z<p></p>
<table style="background-color: white; color:black;">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 04:18, 16 April 2008</td>
</tr>
<tr><td colspan="2" class="diff-lineno">Line 27:</td>
<td colspan="2" class="diff-lineno">Line 27:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>This form of authentication is based on the idea of magnetic stripe cards. However, it uses a more secure method and has a larger storage capacity [5]. Each card can contain a microprocessor or simply a secure form of memory [6]. There are many types of smartcards, differing in security level or amount of memory it is capable of holding [6]. For example, there are the type most often referred to as smartcard contains a simplistic microprocessor that contains a small amount of memory. The microprocessor allows restriction of writing and reading via software and hardware [6]. There is also a memory card that stores 20 kilobytes of data and has simple read and write protection [6]. There is also an optical storage card. This card can only be written to once and cannot be erased [6]. </div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>This form of authentication is based on the idea of magnetic stripe cards. However, it uses a more secure method and has a larger storage capacity [5]. Each card can contain a microprocessor or simply a secure form of memory [6]. There are many types of smartcards, differing in security level or amount of memory it is capable of holding [6]. For example, there are the type most often referred to as smartcard contains a simplistic microprocessor that contains a small amount of memory. The microprocessor allows restriction of writing and reading via software and hardware [6]. There is also a memory card that stores 20 kilobytes of data and has simple read and write protection [6]. There is also an optical storage card. This card can only be written to once and cannot be erased [6]. </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline"> </del>In summary, the main benefits compared to magnetic stripe cards are the increased storage of memory and improved security. </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>In summary, the main benefits compared to magnetic stripe cards are the increased storage of memory and improved security. </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>==Drawbacks==</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>==Drawbacks==</div></td></tr>
<!-- diff generator: internal 2026-04-07 01:13:58 -->
</table>24.57.202.252http://wiki.cas.mcmaster.ca/index.php?title=Two-factor_Authentication&diff=2552&oldid=prev24.57.202.252 at 04:17, 16 April 20082008-04-16T04:17:43Z<p></p>
<table style="background-color: white; color:black;">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 04:17, 16 April 2008</td>
</tr>
<tr><td colspan="2" class="diff-lineno">Line 17:</td>
<td colspan="2" class="diff-lineno">Line 17:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>When using two factors, it means that two out of the three of the above methods must be used. This does ''not'' mean that single method can be used more than one time [6]. For instance, when a system asks for 3 passwords, this does ''not'' qualify as two-factor authentication. However, this ''is'' technically strong authentication because it asks for 3 passwords. </div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>When using two factors, it means that two out of the three of the above methods must be used. This does ''not'' mean that single method can be used more than one time [6]. For instance, when a system asks for 3 passwords, this does ''not'' qualify as two-factor authentication. However, this ''is'' technically strong authentication because it asks for 3 passwords. </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div>'''Weak authentication''' is defined as cryptographic authentication between previously unknown parties without relying on trusted third parties <del class="diffchange diffchange-inline">(source)</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>'''Weak authentication''' is defined as cryptographic authentication between previously unknown parties without relying on trusted third parties <ins class="diffchange diffchange-inline">[6]. </ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>==Authentication Tools==</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>==Authentication Tools==</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>The following is a list of some of the tools that are used today to provide authentication. </div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>The following is a list of some of the tools that are used today to provide authentication. </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>===Magnetic Stripe Card===</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>===Magnetic Stripe Card===</div></td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div>This is seen on bank cards, such as debit cards, on credit cards, membership cards, and many others. It can be used as a single or multi-factor authentication method, but is most commonly used as a two-factor method. For example, when using a debit card, one must input their PIN after swiping the card. It is slowly being replaced by smart cards for several reasons. First of all, it generally has a very limited storage capacity of about 1-<del class="diffchange diffchange-inline">4kb </del>[http://www.iso.org/iso/en/CatalogueDetailPage.CatalogueDetail?CSNUMBER=31432&ICS1=35&ICS2=240&ICS3=15 ISO/IEC 7810:2003] . It is also very easy to retrieve the information on these cards. If a card contained very sensitive information, it would be a great security risk. <del class="diffchange diffchange-inline">(source)</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>This is seen on bank cards, such as debit cards, on credit cards, membership cards, and many others. It can be used as a single or multi-factor authentication method, but is most commonly used as a two-factor method. For example, when using a debit card, one must input their PIN after swiping the card. It is slowly being replaced by smart cards for several reasons. First of all, it generally has a very limited storage capacity of about 1-<ins class="diffchange diffchange-inline">4 kilobits </ins>[http://www.iso.org/iso/en/CatalogueDetailPage.CatalogueDetail?CSNUMBER=31432&ICS1=35&ICS2=240&ICS3=15 ISO/IEC 7810:2003] . It is also very easy to retrieve the information on these cards. If a card contained very sensitive information, it would be a great security risk. </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>===Smartcard===</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>===Smartcard===</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">This form of authentication is based on the idea of magnetic stripe cards. However, it uses a more secure method and has a larger storage capacity [5]. Each card can contain a microprocessor or simply a secure form of memory [6]. There are many types of smartcards, differing in security level or amount of memory it is capable of holding [6]. For example, there are the type most often referred to as smartcard contains a simplistic microprocessor that contains a small amount of memory. The microprocessor allows restriction of writing and reading via software and hardware [6]. There is also a memory card that stores 20 kilobytes of data and has simple read and write protection [6]. There is also an optical storage card. This card can only be written to once and cannot be erased [6]. </ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"> In summary, the main benefits compared to magnetic stripe cards are the increased storage of memory and improved security. </ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>==Drawbacks==</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>==Drawbacks==</div></td></tr>
<!-- diff generator: internal 2026-04-07 01:13:58 -->
</table>24.57.202.252http://wiki.cas.mcmaster.ca/index.php?title=Two-factor_Authentication&diff=2551&oldid=prev24.57.202.252 at 04:02, 16 April 20082008-04-16T04:02:19Z<p></p>
<table style="background-color: white; color:black;">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 04:02, 16 April 2008</td>
</tr>
<tr><td colspan="2" class="diff-lineno">Line 2:</td>
<td colspan="2" class="diff-lineno">Line 2:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>==Authentication==</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>==Authentication==</div></td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div>Authentication is a recent verification of a principal <del class="diffchange diffchange-inline">(source)</del>. A principal is someone connected to and participating on the network <del class="diffchange diffchange-inline">(source)</del>. There are three main methods of authenticating a principal, known as '''human authentication factors'''. </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>Authentication is a recent verification of a principal <ins class="diffchange diffchange-inline">[1]</ins>. A principal is someone connected to and participating on the network <ins class="diffchange diffchange-inline">[1]</ins>. There are three main methods of authenticating a principal, known as '''human authentication factors''' <ins class="diffchange diffchange-inline">[6]</ins>. </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>===Human Authentication Factors=== </div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>===Human Authentication Factors=== </div></td></tr>
<tr><td colspan="2" class="diff-lineno">Line 15:</td>
<td colspan="2" class="diff-lineno">Line 15:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>The definition of two-factor authentication must be further clarified. Although it is also known as strong authentication, these are often not the same thing. This is because strong authentication does not always necessarily mean that two ''factors'' were used, just two different authentication requests. </div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>The definition of two-factor authentication must be further clarified. Although it is also known as strong authentication, these are often not the same thing. This is because strong authentication does not always necessarily mean that two ''factors'' were used, just two different authentication requests. </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div>When using two factors, it means that two out of the three of the above methods must be used. This does ''not'' mean that single method can be used more than one time <del class="diffchange diffchange-inline">(two factor pdf)</del>. For instance, when a system asks for 3 passwords, this does ''not'' qualify as two-factor authentication. However, this ''is'' technically strong authentication because it asks for 3 passwords. </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>When using two factors, it means that two out of the three of the above methods must be used. This does ''not'' mean that single method can be used more than one time <ins class="diffchange diffchange-inline">[6]</ins>. For instance, when a system asks for 3 passwords, this does ''not'' qualify as two-factor authentication. However, this ''is'' technically strong authentication because it asks for 3 passwords. </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>'''Weak authentication''' is defined as cryptographic authentication between previously unknown parties without relying on trusted third parties (source)</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>'''Weak authentication''' is defined as cryptographic authentication between previously unknown parties without relying on trusted third parties (source)</div></td></tr>
<tr><td colspan="2" class="diff-lineno">Line 49:</td>
<td colspan="2" class="diff-lineno">Line 49:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>8. Bruce Schneier. Schneier on Security. http://www.schneier.com/blog/archives/2005/03/the_failure_of.html</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>8. Bruce Schneier. Schneier on Security. http://www.schneier.com/blog/archives/2005/03/the_failure_of.html</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">9. Jari Arkko and Pekka Nikander. How to Authenticate Unknown Principals without Trusted Parties (2002)</ins></div></td></tr>
<!-- diff generator: internal 2026-04-07 01:13:58 -->
</table>24.57.202.252http://wiki.cas.mcmaster.ca/index.php?title=Two-factor_Authentication&diff=2550&oldid=prev24.57.202.252 at 03:56, 16 April 20082008-04-16T03:56:55Z<p></p>
<table style="background-color: white; color:black;">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 03:56, 16 April 2008</td>
</tr>
<tr><td colspan="2" class="diff-lineno">Line 35:</td>
<td colspan="2" class="diff-lineno">Line 35:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>==References==</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>==References==</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>1. Ralf C. Hauser and LeeE. Stewart. Verification and Modelling of Authentication Protocols (1992)</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>1. Ralf C. Hauser and LeeE. Stewart. Verification and Modelling of Authentication Protocols (1992)</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>2. Adams Kong, King-Hong Cheung, David Zhang, Mohamed Kamel and Jane YouAn. Analysis of BioHashing and Its Variants</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>2. Adams Kong, King-Hong Cheung, David Zhang, Mohamed Kamel and Jane YouAn. Analysis of BioHashing and Its Variants</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>3. Fabian Monrose and Aviel D. Rubin. Keystroke dynamics as a biometric for authentication (1999)</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>3. Fabian Monrose and Aviel D. Rubin. Keystroke dynamics as a biometric for authentication (1999)</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>4. Anil Jain, Lin Hong and Yatin Kulkarni. A Multimodal Biometric System Using Fingerprint, Face and Speech</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>4. Anil Jain, Lin Hong and Yatin Kulkarni. A Multimodal Biometric System Using Fingerprint, Face and Speech</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>5. Steve Petri. An Introduction to Smart Cards</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>5. Steve Petri. An Introduction to Smart Cards</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>6. Doug Graham. It’s All About Authentication (2003)</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>6. Doug Graham. It’s All About Authentication (2003)</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>7. Mark Arend. New Card Fraud Weapons Emerge (1993)</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>7. Mark Arend. New Card Fraud Weapons Emerge (1993)</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>8. Bruce Schneier. Schneier on Security. http://www.schneier.com/blog/archives/2005/03/the_failure_of.html</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>8. Bruce Schneier. Schneier on Security. http://www.schneier.com/blog/archives/2005/03/the_failure_of.html</div></td></tr>
<!-- diff generator: internal 2026-04-07 01:13:58 -->
</table>24.57.202.252http://wiki.cas.mcmaster.ca/index.php?title=Two-factor_Authentication&diff=2549&oldid=prev24.57.202.252 at 03:56, 16 April 20082008-04-16T03:56:34Z<p></p>
<table style="background-color: white; color:black;">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 03:56, 16 April 2008</td>
</tr>
<tr><td colspan="2" class="diff-lineno">Line 37:</td>
<td colspan="2" class="diff-lineno">Line 37:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>2. Adams Kong, King-Hong Cheung, David Zhang, Mohamed Kamel and Jane YouAn. Analysis of BioHashing and Its Variants</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>2. Adams Kong, King-Hong Cheung, David Zhang, Mohamed Kamel and Jane YouAn. Analysis of BioHashing and Its Variants</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>3. Fabian Monrose and Aviel D. Rubin. Keystroke dynamics as a biometric for authentication (1999)</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>3. Fabian Monrose and Aviel D. Rubin. Keystroke dynamics as a biometric for authentication (1999)</div></td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div>4. Anil <del class="diffchange diffchange-inline">Jain� in Hong� </del>and Yatin Kulkarni</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>4. Anil <ins class="diffchange diffchange-inline">Jain, Lin Hong </ins>and Yatin Kulkarni<ins class="diffchange diffchange-inline">. A </ins>Multimodal Biometric System Using Fingerprint, Face and Speech</div></td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">Department of Computer Science and EngineeringA </del>Multimodal Biometric System Using Fingerprint, Face and Speech</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">5. Steve Petri. An Introduction to Smart Cards</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">6. Doug Graham. It’s All About Authentication (2003)</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">7. Mark Arend. New Card Fraud Weapons Emerge (1993)</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">8. Bruce Schneier. Schneier on Security. http://www.schneier.com/blog/archives/2005/03/the_failure_of.html</ins></div></td></tr>
<!-- diff generator: internal 2026-04-07 01:13:58 -->
</table>24.57.202.252http://wiki.cas.mcmaster.ca/index.php?title=Two-factor_Authentication&diff=2548&oldid=prev24.57.202.252 at 03:52, 16 April 20082008-04-16T03:52:21Z<p></p>
<table style="background-color: white; color:black;">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 03:52, 16 April 2008</td>
</tr>
<tr><td colspan="2" class="diff-lineno">Line 37:</td>
<td colspan="2" class="diff-lineno">Line 37:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>2. Adams Kong, King-Hong Cheung, David Zhang, Mohamed Kamel and Jane YouAn. Analysis of BioHashing and Its Variants</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>2. Adams Kong, King-Hong Cheung, David Zhang, Mohamed Kamel and Jane YouAn. Analysis of BioHashing and Its Variants</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>3. Fabian Monrose and Aviel D. Rubin. Keystroke dynamics as a biometric for authentication (1999)</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>3. Fabian Monrose and Aviel D. Rubin. Keystroke dynamics as a biometric for authentication (1999)</div></td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div>4. <del class="diffchange diffchange-inline">A </del>Multimodal Biometric System Using <del class="diffchange diffchange-inline">Fingerprint� </del>and Speech</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>4. <ins class="diffchange diffchange-inline">Anil Jain� in Hong� and Yatin Kulkarni</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">Department of Computer Science and EngineeringA </ins>Multimodal Biometric System Using <ins class="diffchange diffchange-inline">Fingerprint, Face </ins>and Speech</div></td></tr>
<!-- diff generator: internal 2026-04-07 01:13:58 -->
</table>24.57.202.252http://wiki.cas.mcmaster.ca/index.php?title=Two-factor_Authentication&diff=2547&oldid=prev24.57.202.252 at 03:51, 16 April 20082008-04-16T03:51:50Z<p></p>
<table style="background-color: white; color:black;">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 03:51, 16 April 2008</td>
</tr>
<tr><td colspan="2" class="diff-lineno">Line 32:</td>
<td colspan="2" class="diff-lineno">Line 32:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>These two attacks are a more recent development, but are the most dangerous right now. So although the two-factor method is useful for many applications, other methods must be used in order to deal with all possible scenarios.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>These two attacks are a more recent development, but are the most dangerous right now. So although the two-factor method is useful for many applications, other methods must be used in order to deal with all possible scenarios.</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">==References==</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">1. Ralf C. Hauser and LeeE. Stewart. Verification and Modelling of Authentication Protocols (1992)</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">2. Adams Kong, King-Hong Cheung, David Zhang, Mohamed Kamel and Jane YouAn. Analysis of BioHashing and Its Variants</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">3. Fabian Monrose and Aviel D. Rubin. Keystroke dynamics as a biometric for authentication (1999)</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">4. A Multimodal Biometric System Using Fingerprint� and Speech</ins></div></td></tr>
<!-- diff generator: internal 2026-04-07 01:13:58 -->
</table>24.57.202.252http://wiki.cas.mcmaster.ca/index.php?title=Two-factor_Authentication&diff=2546&oldid=prev24.36.228.133 at 03:03, 9 April 20082008-04-09T03:03:35Z<p></p>
<table style="background-color: white; color:black;">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 03:03, 9 April 2008</td>
</tr>
<tr><td colspan="2" class="diff-lineno">Line 25:</td>
<td colspan="2" class="diff-lineno">Line 25:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>===Smartcard===</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>===Smartcard===</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">==Drawbacks==</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">In an online article (source) by (BLAH), he points out that two-factor authentication does not address current problems. He states that the multi-factor approach is still vulnerable to Trojan viruses and man-in-the-middle attacks. </ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">In the article, it gives an example about how some banks are now using cell phones to authenticate their customers via text messages. This means that the user can login to their account from a computer using two factors instead of one, which is much harder to duplicate. However, in a man-in-the-middle attack, the man in the middle just has to wait for the user to input the information, intercept it, and then forward it along to the bank. The Trojan just waits for the person to log in and can hijack the session. </ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">These two attacks are a more recent development, but are the most dangerous right now. So although the two-factor method is useful for many applications, other methods must be used in order to deal with all possible scenarios.</ins></div></td></tr>
<!-- diff generator: internal 2026-04-07 01:13:58 -->
</table>24.36.228.133