Are you curious to know about what web sites are doing to authenticate and validate you are who you say you are? First you need to understand what an Authentication Factor is:
An authentication factor is a piece of information used to authenticate or verify a person’s identity on appearance or in a procedure for security purposes and with respect to individually granted access rights.
The factors applied are mostly, though not exclusively, so-called human authentication factors.
Factors are generally classified into three classes (in the order of strength of allocation):
- Something You Own - Something the user has (e.g., wrist band, ID card, security token, software token, phone, or cell phone)
- Something You Know – Something the user knows (e.g., a password, pass phrase, or personal identification number (PIN))
- Inherence - Something the user is or does (e.g., fingerprint or retinal pattern, DNA sequence (there are assorted definitions of what is sufficient), signature or voice recognition, unique bio-electric signals, or another biometric identifier).
Most websites you visit online deal strictly with the Something You Know factor, which is merely knowing your account username and/or password. Some sites try to raise this level with something called One Plus Factor security: they add security questions, or have you memorize and save an image with a passphrase, in addition to knowing the username/password to log in.
True Two Factor authentication requires a combination of at least one from each category listed above; having two “Knowledge” based authentication factors is not true two factor authentication.
Two factor authentication is primarily used for the highest level of security systems and is wisely used by financial institutions worldwide. In most two factor solutions you use some kind of physical key fob that displays a rapidly changing number from a predetermined sequence, which you must enter in addition to a username and password. These are often RSA or OATH tokens, but many vendors exist. Digital certificates are another method used in combination with something you know to create two-factor authentication.
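The rapidly changing key fob number described above, as an added example (not code from the original post or from any token vendor): an OATH one-time password per RFC 4226/6238, checked together with a password so the login needs both something you know and something you have. The secret is the RFC 6238 test key; the password, salt and function names are made up for the demonstration.

```python
import hashlib
import hmac
import struct

# Constructed demo data: the token secret is the RFC 6238 test key; the
# password, salt and function names are hypothetical.
TOKEN_SECRET = b"12345678901234567890"
SALT = b"demo-salt"
PASSWORD_HASH = hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000)
last_step_used = -1  # highest time step already accepted (blocks replay)


def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret, unix_time, step=30, digits=6):
    """RFC 6238: the counter is the number of 30-second steps since the epoch."""
    return hotp(secret, unix_time // step, digits)


def matching_step(secret, submitted, unix_time, step=30, drift=1):
    """Return the time step whose code matches, allowing +/- drift steps of skew."""
    found = None
    now = unix_time // step
    for counter in range(max(0, now - drift), now + drift + 1):
        expected = hotp(secret, counter).encode()
        if hmac.compare_digest(expected, submitted.encode()):
            found = counter
    return found


def login(password, code, unix_time):
    """Require knowledge (password) AND possession (token code), no reuse."""
    global last_step_used
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    knows = hmac.compare_digest(candidate, PASSWORD_HASH)
    step = matching_step(TOKEN_SECRET, code, unix_time)
    has = step is not None and step > last_step_used
    if knows and has:
        last_step_used = step
        return True
    return False
```

The server and the token never exchange the code in advance; both derive it from the shared secret and the clock, which is why the drift window and the replay check matter on the verifying side.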
Biometrics is the latest round of two factor authentication and is useful, except that on a shared system you often have to train the system to recognize each unique person’s biometrics, which can be time consuming. Typing Pattern technology, which tries to recognize you based on how quickly you type or your style of typing, is unproven and I would not recommend it at this time.
-Dragon Blogger
-Some of this article's source comes from Wikipedia
August 11th, 2009 at 3:54 pm
This is quite an interesting topic, one I haven’t thought about too much until now. I have a question, a lot of banks and credit card sites I visit are getting this “personal image” thing when you log in. You select it when you register and then when you log in it shows you the image (mine is an electric guitar at B of A) and says: “If this is not your security image ….” What extra security does that offer?
August 11th, 2009 at 4:18 pm
This is called 1+ Factor authentication and leverages two “Something you Know” items. It is the same category as having a username/password and some security questions, it is not true 2-factor authentication, in most cases it is completely useless since you often already entered the username/password and just accept past the image, it doesn’t prompt you for another passphrase. From a web security perspective there is no additional security benefit by showing you a picture with a little phrase (ING does it as well), it is more to throw up a warning in case you logged into a different account or site, or if your image doesn’t match what you remember it could mean someone changed it, but that is extremely unlikely.
August 11th, 2009 at 11:56 pm
Hi, have a look at FireID. Instead of carrying hardware fobs, your OTP is generated on your mobile phone itself, i.e., no SMSs. And the application is PIN protected, ensuring a secure two-factor authentication method using everyone already has.
August 12th, 2009 at 7:29 am
I should have mentioned OTP (One Time Passwords) as an additional layer of security, though it is still in the “Something You Have” category and is not true two-factor unless combined with one other category.
October 24th, 2009 at 12:23 pm
I think there are a lot of options in true factor. Voice recognition in addition to personal PINs and passwords is becoming very popular in online banking.