Multi-factor Authentication Flashcards
Multi-factor authentication
- More than one factor
- Something you are
- Something you have
- Something you know
- Somewhere you are
- Something you do
- Can be expensive
- Separate hardware tokens
- Specialized scanning equipment
- Can be inexpensive
- Free smartphone applications
Something you know
- Password
- Secret word/phrase, string of characters
- Very common authentication factor
• PIN
• Personal identification number
• Not typically contained anywhere on a smart card or
ATM card
- Pattern
- Complete a series of patterns
- Only you know the right format
Something you have
- Smart card
- Integrates with devices
- May require a PIN
• USB token - Certificate is on the USB device
- Hardware or software tokens
- Generates pseudo-random authentication codes
• Your phone - SMS a code to your phone
Something you are
- Biometric authentication
- Fingerprint, iris scan, voiceprint
• Usually stores a mathematical representation
of your biometrics
• Your actual fingerprint isn’t usually saved
- Difficult to change
- You can change your password
- You can’t change your fingerprint
- Used in very specific situations
- Not foolproof
Somewhere you are
• Provide a factor based on your location
• The transaction only completes if you are in a
particular geography
- IP address
- Not perfect, but can help provide more info
- Works with IPv4, not so much with IPv6
• Mobile device location services
• Geolocation to a very specific area
• Must be in a location that can receive GPS
information or near an identified mobile or 802.11
network
• Still not a perfect identifier of location
Something you do
• A personal way of doing things - You’re special
- Handwriting analysis
- Signature comparison or writing technique
- Typing technique - Delays between keystrokes
- Very similar to biometrics - Close to something you are
