Difference between revisions of "Authentication Factor"

From MgmtWiki
(Something you Are)
(Something you Are)
Line 34: Line 34:
==Something you Are==
==Something you Are==
* aka [[Biometrics]] which see.
* aka Biometrics, see the wiki pages on [[Biometric Attribute]] and [[Biometric Identifier]]
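Review bot: the new bullet drops the link to [[Biometrics]] that the old bullet carried and loses the terminal period; suggest keeping both, e.g. `* aka [[Biometrics]]; see the wiki pages on [[Biometric Attribute]] and [[Biometric Identifier]].`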

Revision as of 12:29, 20 March 2022

Authentication Factors

Attributes or Credentials that are used in support of Authentication of a user's Identifier.



Applicable only in this wiki page:

  • Authentication = the establishment of a link between some real-world entity (person or machine) and a digital identity.
  • Machine = any device that can attach to an Internet address.
  • Digital Identity = a User Object or a list of attributes attributed to you in an on-line database.
  • Digital Identifier = a collection of symbols that is used to find your digital identity in a database.
  • Passwordless = any online identification that does not include something you know.


  1. Authenticating yourself to a device in hand
  2. Authenticating yourself to a web site over the internet
  3. Authenticating yourself to a physical access device

Something you Know

  • This is the oldest factor for creating a digital Identity. There are two primary sources of things that you know.


  • The most common attack against passwords is to steal a list of passwords from some site that stores them.
  • One easy attack is brute-force guessing of the password, which works well if the attacker has unlimited guesses. This can be mitigated if the system does not allow a large number of guesses.
  • Note that when the password is salted and the hash is stored rather than the password, only limited protection is given, since access to the hash allows unlimited offline brute-force guesses.
  • Also, if the hash secret is shared, as happens on Active Directory sites, the hash alone might be sufficient to access another protection zone if the user reused the password.
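The two mitigations named above (limit online guesses; store a salted hash) and their limit (a stolen hash can be guessed offline without any limit) can be seen side by side in a small verifier. The code below is an added example for this wiki page, not code from MgmtWiki or any product it describes; the iteration count, lockout threshold and the three-word guess list are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Assumed parameters for this example. A real deployment tunes the work factor
# to the hardware it runs on; the value here is kept small so the demo is quick.
PBKDF2_ITERATIONS = 50_000
MAX_FAILED_ATTEMPTS = 5


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt is drawn when none is supplied,
    so two users with the same password do not share a digest."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


class PasswordStore:
    """Online verifier: stores only salted digests and caps failed guesses per user."""

    def __init__(self) -> None:
        self._records: Dict[str, Tuple[bytes, bytes]] = {}
        self._failures: Dict[str, int] = defaultdict(int)

    def register(self, user: str, password: str) -> None:
        self._records[user] = hash_password(password)

    def is_locked(self, user: str) -> bool:
        return self._failures[user] >= MAX_FAILED_ATTEMPTS

    def verify(self, user: str, password: str) -> bool:
        if self.is_locked(user):
            return False  # online guessing is bounded by the lockout
        record = self._records.get(user)
        if record is None:
            # Do the same work for unknown users so response time does not reveal
            # whether the account exists.
            hash_password(password, b"\x00" * 16)
            return False
        salt, stored = record
        _, candidate = hash_password(password, salt)
        if hmac.compare_digest(candidate, stored):
            self._failures[user] = 0
            return True
        self._failures[user] += 1
        return False


def offline_guess(salt: bytes, digest: bytes, candidates: List[str]) -> Optional[str]:
    """What a leaked (salt, digest) pair permits: every candidate can be tried with
    no lockout at all. The only brake is the per-guess cost set by the work factor,
    which is why the iteration count, not the salt, governs offline resistance."""
    for candidate in candidates:
        if hmac.compare_digest(hash_password(candidate, salt)[1], digest):
            return candidate
    return None


if __name__ == "__main__":
    store = PasswordStore()
    store.register("alice", "correct horse")
    print("login ok:", store.verify("alice", "correct horse"))
    for _ in range(MAX_FAILED_ATTEMPTS):
        store.verify("alice", "wrong guess")
    print("locked after repeated failures:", store.is_locked("alice"))
    salt, digest = hash_password("correct horse")
    print("leaked hash recovered offline:", offline_guess(salt, digest, ["password", "letmein", "correct horse"]))
```

The lockout bounds the online case the page describes; the offline function shows why the salted hash alone gives "only limited protection": nothing in the verifier is consulted, so the cost per guess is the whole defence.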

Something you Have

Note that this case includes something called cross-device authentication, which is logically indistinguishable from this case.

  • Usually a digital artifact that is able to create a one-time access code (aka a one-time password).


  • Attacker takes the device away from you
  • Attacker has a device that can spoof a Relying Party into thinking it is working on your behalf.

Something you Are