Difference between revisions of "Authentication Factor"
From MgmtWiki
(→Something you Have) |
(→Attacks) |
||
| Line 26: | Line 26: | ||
===Attacks=== | ===Attacks=== | ||
* Attacker takes the device away from you | * Attacker takes the device away from you | ||
| − | * Attacker has a device that can spoof a [[Relying Party]] into thinking it | + | * Attacker has a device that can spoof a [[Relying Party]] into thinking it is working on your behalf. |
==Something you Are== | ==Something you Are== | ||
Revision as of 12:04, 20 March 2022
Contents
Authentication Factors
Attributes or Credential that are used in support of Authentication of a user's Identifier.
Context
Taxonomy
Applicable only in this wiki page:
- Authentication = the establishment of a link between some real-world entity (person or machine) and a digital identity.
- Machine = any device that can attach to an Internet address.
- Digital Identity = a User Object or a list of attribute attributed to you in an on-line database.
- Digital Identifier = a collection of symbols that is used to find your digital identify in a data base
- Passwordless = any online identification that does not include something you know.
Problems
- Authenticating yourself to a device in hand
- Authenticating yourself to a web site over the internet
- Authentication yourself to a physical access device
Something you Know
- This is the oldest factor for creating a digital Identity.
Something you Have
Note that this case includes something called cross-device authentication which is logically indistinguishable from this case.
- Usually a digital artifact that is able to create a one-time access code (aka a one-tine password)
Attacks
- Attacker takes the device away from you
- Attacker has a device that can spoof a Relying Party into thinking it is working on your behalf.
