Multi-factor authentication

From Decimal Wiki

Multi-factor authentication is an extended verification procedure (or a method of controlling access to a computer). To gain access to information, the user must present more than one “proof”.

Categories of evidence

Information that the subject knows.

This is secret information that only an authorized subject knows. The password can be a spoken word, a written word, a combination for a lock or a personal identification number (PIN code). However, it has significant drawbacks: it is often difficult to keep a password secret, because attackers are constantly coming up with new ways of stealing, cracking and guessing passwords. This makes the password mechanism insecure. Many secret questions, such as “Where were you born?”, are poor examples of the knowledge factor, because the answers can be known to a wide group of people or be researched.

A thing that the subject possesses.

What matters here is that the subject has some kind of unique object. It can be a personal seal, a key to a lock, or a data file containing a characteristic. The characteristic is often embedded in a special device: for example, a plastic card. It is more difficult for an attacker to get hold of such a device than to crack a password, and the subject can report the theft of the device immediately. This makes the method more secure than a password mechanism, but the cost of such a data access protection system is higher.

A property that the subject possesses.

A characteristic is a physical feature of the subject. It can be a face, fingerprints, iris, capillary patterns, DNA sequence or voice. From the point of view of the subject, this method is the simplest: you do not need to remember the password or carry an authentication device with you. However, the biometric system must have high sensitivity in order to confirm an authorized user, but reject an attacker with similar biometric parameters. Also, the cost of such a system is quite high.

Double-factor authentication, 2FA

Double-factor / two-factor authentication (2FA) is a type of multi-factor authentication. 2FA is a technology that provides user identification using a combination of two different components. A clear example of two-factor authentication is Google authorization. When a user logs in from a new device, in addition to password authentication, they are asked to enter a six-digit or eight-digit confirmation code. The subscriber can receive it by SMS or by voice call to their phone.

Alternatively, the authenticator application can generate a new one-time password at short intervals. The method of receiving the confirmation code is selected in the settings.
