Simple authentication has always been UserID + Password. The problem is that there are several ways in which both of these can be discovered or stolen.
Two-Factor Authentication (a variant of multi-factor authentication) combines two of:
- Something the user knows (e.g., password, PIN);
- Something the user has (e.g., ATM card, smart card); and
- Something the user is (e.g., biometric characteristic, such as a fingerprint).
An example of true multi-factor authentication is requiring that the user insert a Smart Card into a Smart Card Reader (something the user has) and enter a Password (something the user knows). Requiring a valid fingerprint via a biometric fingerprint reader would add a third factor (something the user is).
Many banks now use logon systems which contain:
- a thumbnail graphic that the user has previously selected;
- along with it, a short, user-written text phrase;
- one or more user-selected questions and user-recorded answers.
One-time token: a password that is random and good for only one session; the next session requires a different token. This prevents a keylogger from capturing and replaying the UserID + Token. The issue is how to securely deliver the token to the user for that one-time use. Email works, as the URL & UserID are not in the email. SMS texting to a cell phone should work if the message could not be intercepted and/or was encrypted (premise is false!). A numeric page to a pager is another possibility.
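As an added example (not part of the original note), here is how the single-use property described above can be enforced on the server side: the token is random, stored only as a hash, bound to one UserID, expires, and is consumed on first successful use so a captured UserID + Token cannot be replayed. The token lifetime, the three-attempt limit and the user names are assumptions.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 300   # assumed lifetime; the note does not specify one
MAX_ATTEMPTS = 3          # assumed limit on wrong guesses per issued token


def _digest(token: str) -> str:
    # Keep only a hash at rest so a leaked store does not reveal live tokens.
    return hashlib.sha256(token.encode()).hexdigest()


class OneTimeTokenStore:
    """Server-side record of tokens sent out of band (email, SMS, pager)."""

    def __init__(self) -> None:
        # user_id -> [token digest, expiry timestamp, failed attempts]
        self._pending: dict = {}

    def issue(self, user_id: str, now=None) -> str:
        """Create a fresh token for user_id and return it for out-of-band delivery."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(24)  # cryptographically random
        # A new token replaces any earlier unused one for this user.
        self._pending[user_id] = [_digest(token), now + TOKEN_TTL_SECONDS, 0]
        return token

    def redeem(self, user_id: str, token: str, now=None) -> bool:
        """Accept the token exactly once; a later presentation is a replay and fails."""
        now = time.time() if now is None else now
        entry = self._pending.get(user_id)
        if entry is None:
            return False                      # nothing issued, or already used
        stored_digest, expires_at, attempts = entry
        if now > expires_at:
            del self._pending[user_id]        # expired: drop it
            return False
        if not hmac.compare_digest(stored_digest, _digest(token)):
            entry[2] = attempts + 1           # wrong guess; count it
            if entry[2] >= MAX_ATTEMPTS:
                del self._pending[user_id]    # too many guesses: force re-issue
            return False
        del self._pending[user_id]            # consumed: next session needs a new token
        return True
```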
Public-Key Cryptography: see references below
Digital Signature: uses a private key for signing and a public key to decrypt and read or process the signed data. Kerberos is an implementation variation.
References:
- Wiki: multi-factor authentication
- Public-Key Cryptography