Two-factor Authentication

From Computing and Software Wiki

(Difference between revisions)
Line 6: Line 6:
===Human Authentication Factors===  
===Human Authentication Factors===  
*What the user has
*What the user has
-
<p>This can be something like a magnetic ID card or a drivers license that only that user owns.   
+
This can be something like a magnetic ID card or a drivers license that only that user owns.   
*What the user knows
*What the user knows
This is a piece of information that only the specific user being authenticated will know.  For example, this can include their PIN number, a user name and password or a random number.   
This is a piece of information that only the specific user being authenticated will know.  For example, this can include their PIN number, a user name and password or a random number.   
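Review bot: the description line under "*What the user has" is still a bare line after the bullet, so MediaWiki ends the list there and renders the text as a separate paragraph; removing the stray `<p>` does not change that. Consider writing each description as a `*:` continuation line so it stays attached to its bullet, and apply the same to the "What the user knows" description. While editing these lines, "drivers license" should read "driver's license" and "PIN number" can be shortened to "PIN".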
Line 14: Line 14:
===Two-factor Authentication===
===Two-factor Authentication===
The definition of two-factor authentication must be further clarified.  Although it is also known as strong authentication, these are often not the same thing. This is because strong authentication does not always necessarily mean that two ''factors'' were used, just two different authentication requests.   
The definition of two-factor authentication must be further clarified.  Although it is also known as strong authentication, these are often not the same thing. This is because strong authentication does not always necessarily mean that two ''factors'' were used, just two different authentication requests.   
-
<p>When using two factors, it means that two out of the three of the above methods must be used.  This does ''not'' mean that single method can be used more than one time (two factor pdf).  For instance, when a system asks for 3 passwords, this does ''not'' qualify as two-factor authentication.  However, this ''is'' technically strong authentication because it asks for 3 passwords.   
+
 
 +
When using two factors, it means that two out of the three of the above methods must be used.  This does ''not'' mean that single method can be used more than one time (two factor pdf).  For instance, when a system asks for 3 passwords, this does ''not'' qualify as two-factor authentication.  However, this ''is'' technically strong authentication because it asks for 3 passwords.   
 +
 
'''Weak authentication''' is defined as cryptographic authentication between previously unknown parties without relying on trusted third parties (source)
'''Weak authentication''' is defined as cryptographic authentication between previously unknown parties without relying on trusted third parties (source)
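Review bot: the paragraph re-added in this hunk still carries the placeholder citation "(two factor pdf)", and the unchanged line after it ends in "(source)"; both should become real references before this revision stands. Two blank lines were added around the paragraph where one on each side is enough, and "that single method can be used" needs an article ("that a single method can be used").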

Revision as of 02:50, 9 April 2008

Two-factor authentication, also known as strong authentication, verifies a person's identity using two different methods of authentication. It provides better verification than any single-factor authentication method on its own.


Authentication

Authentication is a recent verification of a principal (source). A principal is someone connected to and participating on the network (source). There are three main methods of authenticating a principal, known as human authentication factors.

Human Authentication Factors

  • What the user has

This can be something like a magnetic ID card or a driver's license that only that user owns.

  • What the user knows

This is a piece of information that only the specific user being authenticated will know. For example, this can include their PIN, a user name and password, or a random number.

  • What the user is

This consists mainly of biometrics, such as face recognition, retinal scanning, or fingerprint identification. In the (possibly near) future, a person's genetic sequence may be used as well.

Two-factor Authentication

The definition of two-factor authentication needs further clarification. Although it is also known as strong authentication, the two are often not the same thing: strong authentication does not necessarily mean that two factors were used, only that two different authentication requests were made.

Using two factors means that two of the three methods above must be used. Using a single method more than once does not count (two factor pdf). For instance, a system that asks for 3 passwords does not qualify as two-factor authentication. However, this is technically strong authentication because it asks for 3 passwords.
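The distinction above can be checked mechanically by counting distinct factor categories rather than authentication requests. The following is an added example, not part of the original wiki page; the method names, the `classify` function and its result labels are assumptions made for illustration.

```python
from enum import Enum


class Factor(Enum):
    HAS = "what the user has"
    KNOWS = "what the user knows"
    IS = "what the user is"


# Hypothetical method names, each mapped to one of the three human
# authentication factors listed on this page.
METHOD_FACTOR = {
    "magnetic_card": Factor.HAS,
    "drivers_license": Factor.HAS,
    "pin": Factor.KNOWS,
    "password": Factor.KNOWS,
    "fingerprint": Factor.IS,
    "retina_scan": Factor.IS,
}


def classify(checks):
    """Classify one login attempt.

    checks is a list of (method, passed) pairs, one per authentication
    request. Returns 'rejected', 'single-factor', 'strong-only'
    (several requests, one factor) or 'two-factor'.
    """
    if not checks:
        return "rejected"
    factors = set()
    for method, passed in checks:
        if method not in METHOD_FACTOR:
            raise ValueError(f"unknown authentication method: {method}")
        if not passed:
            return "rejected"  # one failed request fails the whole attempt
        factors.add(METHOD_FACTOR[method])
    if len(factors) >= 2:
        return "two-factor"  # at least two distinct categories verified
    if len(checks) >= 2:
        return "strong-only"  # repeated requests against the same factor
    return "single-factor"


# Constructed sample attempts.
DEBIT_CARD = [("magnetic_card", True), ("pin", True)]
THREE_PASSWORDS = [("password", True)] * 3
```
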

Weak authentication is defined as cryptographic authentication between previously unknown parties without relying on trusted third parties (source).

Authentication Tools

The following is a list of some of the tools that are used today to provide authentication.

Magnetic Stripe Card

This is seen on bank cards such as debit cards, on credit cards, membership cards, and many others. It can be used as a single- or multi-factor authentication method, but is most commonly used as a two-factor method. For example, when using a debit card, one must enter a PIN after swiping the card. Magnetic stripe cards are slowly being replaced by smart cards for several reasons. First, they generally have a very limited storage capacity of about 1-4kb (ISO/IEC 7810:2003). The information on these cards is also very easy to retrieve, so a card containing very sensitive information would be a great security risk. (source)

Smartcard
