Can multi factor authentication be breached?
Authentication:
Information security rests on three fundamental principles: Confidentiality, Integrity and Availability. How a user is able to access an asset while these three principles are upheld is called access control. “Access control is the process of allowing only authorized users, programs and other computer system (i.e. networks) to observe, modify or otherwise take possession of resources of a computer system. It is also a mechanism for limiting the use of some resources to authorized users.”
The first step in granting access is authentication. Identification is the assertion of a unique identity for a person or system, such as a user name, user ID or account number, whereas authentication is the verification of some private information that only the user has access to.
The following factors are generally used for authentication:
1. Authentication by knowledge (something a person knows)
2. Authentication by possession (something a person has)
3. Authentication by characteristics (something a person is)
Authentication by knowledge is generally implemented with a user ID and password combination. Authentication by possession is generally implemented with hardware or software tokens, one-time passwords, etc., whereas authentication by characteristics includes biometric authentication such as fingerprint scan, retina scan, iris scan, handwriting pattern, voice, etc. In recent years, a potential fourth factor has made an appearance on the landscape: geolocation, or somewhere you are.
Single-factor authentication is generally implemented with a user ID and password combination. Two-factor authentication is usually a combination of two of the three types mentioned above, whereas three-factor authentication is a combination of all three factors.
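The two-factor case described above, as an added example that is not part of the original article: a verifier that accepts a login only when a password (knowledge) and a time-based one-time password from a token (possession) both check out, and that refuses a one-time password that was already used. The record layout, function names and sample account are assumptions for illustration; the one-time password follows RFC 4226 and RFC 6238 with HMAC-SHA-1.

```python
import hashlib, hmac, struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 one-time password for one counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret: bytes, now: float, digits: int = 6) -> str:
    """RFC 6238: HOTP keyed on the current 30-second time step."""
    return hotp(secret, int(now) // STEP, digits)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def enroll(password: str, salt: bytes, otp_secret: bytes) -> dict:
    """Hypothetical account record: salted password hash plus token secret."""
    return {"salt": salt, "pw_hash": hash_password(password, salt),
            "otp_secret": otp_secret, "last_step": -1}

def verify_two_factor(record: dict, password: str, otp: str,
                      now: float, window: int = 1) -> bool:
    """True only if the knowledge AND possession factors both check out."""
    knows = hmac.compare_digest(hash_password(password, record["salt"]),
                                record["pw_hash"])
    matched = None
    current = int(now) // STEP
    for step in range(current - window, current + window + 1):
        # Skip steps already consumed so an OTP cannot be replayed.
        if step > record["last_step"] and hmac.compare_digest(
                hotp(record["otp_secret"], step).encode(), otp.encode()):
            matched = step
    if knows and matched is not None:
        record["last_step"] = matched
        return True
    return False

# Constructed sample data; the token secret is the RFC 6238 test key.
ALICE = enroll("correct horse battery staple", b"constructed-salt",
               b"12345678901234567890")

if __name__ == "__main__":
    print(verify_two_factor(ALICE, "correct horse battery staple",
                            totp(ALICE["otp_secret"], 59), now=59))
```

Both checks are evaluated before the result is combined, so a caller cannot tell from the outcome which of the two factors failed.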
The general term for the use of more than one factor during authentication is multi factor authentication. Use of weak passwords has