Cryptography: Multifactor Authentication

CISSP, GIAC GSEC, Security+ Review

Multifactor authentication means authenticating an entity with two or more of the following independent factors: something you know (a password or PIN), something you have (a hardware token or smart card), and something you are (a biometric such as a fingerprint or face).

An example of two-factor authentication is requiring both a hardware token, for example an RSA SecurID token, and a PIN (Personal Identification Number, i.e. a password) to authenticate: something you have plus something you know. Either one alone should not be enough; the server has to verify both before granting access.
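The following is an added example, not code from the original page or from RSA: a server-side check of the two factors just described, a PIN (something you know) plus a one-time code from a token (something you have). SecurID uses its own proprietary algorithm, so a standard RFC 6238 TOTP generator built from the Python standard library stands in for the hardware token; the class name `TwoFactorVerifier`, the PIN `4321`, the salt and the test secret (the RFC 4226/6238 test-vector key) are all constructed for the example.

```python
"""Two-factor check: PIN (something you know) plus TOTP code (something you
have).  Added example; TOTP stands in for the proprietary SecurID algorithm."""
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
    dynamically truncated to 31 bits and reduced mod 10**digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter taken from the current time step."""
    return hotp(secret, unix_time // step, digits)


def hash_pin(pin: str, salt: bytes) -> bytes:
    # Never store the PIN itself; a salted, iterated hash is the minimum.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


class TwoFactorVerifier:
    """Server-side state for one enrolled user (hypothetical class name)."""

    STEP = 30   # seconds per TOTP step
    DRIFT = 1   # accept one step either side to tolerate token clock skew

    def __init__(self, pin: str, token_secret: bytes, salt: bytes):
        self.salt = salt
        self.pin_hash = hash_pin(pin, salt)
        self.token_secret = token_secret
        self.last_counter = -1  # highest counter accepted so far (replay guard)

    def verify(self, pin: str, code: str, now: int) -> bool:
        """Both factors must pass.  Every comparison runs to completion, so a
        bad PIN is not distinguishable from a bad code by response time."""
        pin_ok = hmac.compare_digest(hash_pin(pin, self.salt), self.pin_hash)

        matched_counter = None
        centre = now // self.STEP
        for counter in range(centre - self.DRIFT, centre + self.DRIFT + 1):
            expected = hotp(self.token_secret, counter)
            if hmac.compare_digest(expected.encode(), code.encode()):
                matched_counter = counter
        # A code is single-use: refuse any counter at or below the last one accepted.
        token_ok = matched_counter is not None and matched_counter > self.last_counter

        if pin_ok and token_ok:
            self.last_counter = matched_counter
            return True
        return False


if __name__ == "__main__":
    # Constructed enrolment: the RFC 4226/6238 test-vector key and a made-up PIN.
    secret = b"12345678901234567890"
    user = TwoFactorVerifier(pin="4321", token_secret=secret, salt=b"example-salt")
    print(user.verify("4321", totp(secret, 59), now=59))   # True: both factors
    print(user.verify("4321", totp(secret, 59), now=59))   # False: replayed code
    print(user.verify("0000", totp(secret, 89), now=89))   # False: wrong PIN
    print(user.verify("4321", "000000", now=89))           # False: wrong code
```

The two details that matter in practice are the replay guard (RFC 6238 recommends that a code never be accepted twice, even inside the drift window) and the fact that the PIN check is not short-circuited when the code fails, so an attacker holding a stolen token cannot use response timing to guess the PIN one digit at a time.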

Another example is a passport (or other form of physical ID). It combines something you have, the passport itself, with something you are, a biometric: presumably the person authenticating you checks that you resemble the picture on the ID.

Of course nothing, including biometrics, is perfect. For example, I am much better looking than my driver's license picture. In fact I barely resemble it.

I recall my friend Max having a very difficult time entering Hong Kong once. Passport control didn't readily believe Max, with a shaven head, was the same man on his passport, a younger, trimmer individual with a full head of hair. He was taken aside and additional controls were applied before he was allowed entry.

Note that the most common form of authentication is still single-factor: the password. Of course there are issues with passwords, including that most people have far too many of them and, whenever allowed, choose simple and easily guessed ones.

Multifactor authentication is becoming much more common. For example, even my niece, who works at a chain fast-food restaurant, is required to authenticate using a smart card and PIN. More computers are coming bundled with built-in smart card readers as well, supporting multifactor authentication.

I was excited when I purchased the laptop I'm typing on now, as it came with a built-in smart card reader. Unfortunately, it wasn't supported by Microsoft Vista when I bought it!