09 Apr 08

“Who you are, what you have, what you know”

Authenticating users and data is critical to maintaining the integrity of security online. Authentication methods – or factors – can include something that the user has (software or security token, ID card, etc.), something that the user knows (password, PIN, etc.), and/or something that the user is or does (biometrics such as fingerprint, signature, or voice pattern). Truly then, as the title indicates, authentication is based on “who you are, what you have, what you know”.

Using more than one factor in an authentication process is commonly referred to as ‘strong authentication’. More and more, authentication processes are moving to ‘strong’ methods to provide stronger assurances that data and user are truly authenticated.

Below is a review of some common examples of the factors listed above:

  1. What the user has: tokens such as a Smart Card or a USB drive are commonly used as one factor of authentication. As USB devices become more powerful and less expensive, the difference between those USB devices and smart cards is beginning to fade. Another token device on the horizon is the cell phone. Using the cell phone as a token eliminates the need for another device, and the phone can also serve as a means to enter a password – making this a dual-channel two-factor method of authentication. (See http://arstechnica.com/news.ars/post/20070717-phonefactor-rings-up-two-factor-authentication.html)
  2. What the user knows: passwords and PINs are an important part of authentication, but increasingly they are only one part of it. Making stronger passwords and/or combining the password with a token (as noted above) are additional ways that ‘what the user knows’ is being implemented with more secure results.
  3. What the user is or does: biometrics such as fingerprinting or retina scans, while generally reliable, are proving to have weaknesses. (These weaknesses are largely mitigated by requiring another factor with it.) Other methods, such as signature and voice pattern, are examples of what you do.

(See http://en.wikipedia.org/wiki/Two-factor_authentication)
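
As an added example (not code from the original post), the code below checks a password ("what the user knows") together with a one-time code from a token or phone ("what the user has") and accepts the login only when both pass. The post names no token algorithm; HOTP/TOTP (RFC 4226/6238), the PBKDF2 parameters and all function names here are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import struct
import time

def hotp(secret, counter, digits=6):
    """One-time code per RFC 4226 from a shared secret and a counter (assumed algorithm)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password, salt):
    # Slow, salted hash so a stolen database does not reveal the knowledge factor.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def enroll(password, token_secret):
    salt = os.urandom(16)
    return {"salt": salt, "pw_hash": hash_password(password, salt),
            "token_secret": token_secret, "last_counter": -1}

def verify_two_factor(user, password, code, now=None, step=30, window=1):
    now = time.time() if now is None else now
    # Factor 1: what the user knows (constant-time comparison).
    pw_ok = hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"])
    # Factor 2: what the user has (time-based code, small clock-drift window).
    current = int(now) // step
    matched = None
    for counter in range(max(0, current - window), current + window + 1):
        fresh = counter > user["last_counter"]  # a used code must not be replayed
        expected = hotp(user["token_secret"], counter).encode()
        if fresh and hmac.compare_digest(expected, code.encode()):
            matched = counter
    if pw_ok and matched is not None:
        user["last_counter"] = matched
        return True
    return False  # either factor alone is never enough

if __name__ == "__main__":
    secret = b"12345678901234567890"  # constructed sample: RFC 4226 test secret
    user = enroll("correct horse", secret)
    print(verify_two_factor(user, "correct horse", hotp(secret, 1), now=59))  # both factors
    print(verify_two_factor(user, "correct horse", hotp(secret, 1), now=59))  # replayed code
```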
