Multi-Factor Access Control Authentication Guide

By: Brian Rhodes, Published on Dec 10, 2018

Can a stranger use your credentials? One of the oldest problems facing access control is making credentials as easy to use as keys, but restricting them to certain individuals.

Multi-factor authentication is used when the end-user is concerned about who can use access control credentials. In this guide, we explain the concept and the elements involved, including:

  • What Does Multi-Factor Authentication Mean?
  • What Benefits Multi-Factor Offers
  • The Four Factor Types Available
  • Which Factors Are Common For Access Control
  • What Drawbacks Multi-Factor Authentication Have
  • Why Single Factor Authentication Is Still Common

*** * ******** *** your ***********? *** ** the ****** ******** ****** access ******* ** ****** credentials ** **** ** use ** ****, *** restricting **** ** ******* individuals.

*****-****** ************** ** **** when *** ***-**** ** concerned ***** *** *** use ****** ******* ***********. In **** *****, ** explain *** ******* *** the ******** ********, *********:

  • **** **** *****-****** ************** Mean?
  • **** ******** *****-****** ******
  • *** **** ****** ***** Available
  • ***** ******* *** ****** For ****** *******
  • **** ********* *****-****** ************** Have
  • *** ****** ****** ************** Is ***** ******

[***************]

Multi-Factor ************** *******

*** ******* ***** **** more **** *** ********** must ** ********* ** order ** **** ******. However, *** *********** *** 'layered' ** * *** that **** ********** **** other.

Four ************ *******

*** ********** ************** '*******' cannot ** *** ** the **** ***** *** are ********* ********** ******* types ** ***********. *** 'factor ******' *** ******** cited **:

  • ********* *** **** ***: * **********/********** ******* administratively ** *** ****. Typically ** ****** ******* badge, *****, ** ***. Also ******** * ********** key, ********** **, ** passport.
  • ********* *** **** *****: ********* * **** or ******** **** ******* by *** ****. ********* a *** ******, *** also ******* '******** *********' or '**** * ****** Security *****' *************.
  • ********* *** **** **: ********* ******** **** the **** ** **** to *******. ********* ****** or **** ****** *** used, *** ***** ******** possible ********* **** ***********, heartbeats, ******/**** *****, *** even ****.
  • ******* ******* ******** *** User: ***** ******* **********, another ***** ********** *** and ******* *** *** user. **** ***** ** a ****** ***** ** even * ************ **** grants ****** ***** ** familiarity.

Multiple ******* ********** ************

**** ** ***** ** securing ******, *********** **** a ***** ****. **** it ***** ** ******** credentials *** ******** **** the ***** ****** *** using ****, ******** ******* are ****** **** ** the ******** ******* *** weak.

* ******** ******* ** many *** ***-****** ***** and **** **** *** automatic ****** ********. **** credential, **** **** *****, is **** *** ****** defeated ** ****** *** malicious ***.

*******, **** ** ******** do *** ******* ********* embedded *****, ***** *** card ** ********* ******** with * ********* ***.

** *** ****, *** only *** ***** ***** required ** ** ******, but *** ******* *** required ** ** *******. This ***** ************ ****** factors ******** ** ********* them **** ******** ****** of **************.

Multi-Factor *******

** * **** ***** reader ******** ********* *****, fingerprint *****, *** ****** codes *** '*****-******' *******, two ** **** *********** would ** ******** *** entry, *** **** ********* credential ****** *** ********** for *** **** ** present ** *** ****.

*** ***** ***** ***** an ******* ** * typical '***** ******' ****** device:

*** ******* **** ******* support ****. *** *******, this *****-****** ****** ****************** ********* **** ***/** voice ************** ******* ** the **** ****** ***********:

Different *****

*** ****** ****** ** applied ******* **** ********* to ** ***-****'* ******** concerns. ***** ****** ********* about *** ******** *** of **** *********** *** require *** *******, ***** high-security ************* *** ******* three ** ****. ** define *** ******* ***** tiers *****:

Two *******

**** ***** * *********** of '********* *** **** ***' *** '********* ** *****', **** ** ****** Control ****** **** *** accompanying *** ******. **** if *** **** ***** the ****, ** ************ finder ****** *** ** to **** ****** ****** they **** **** * code, ***** ** ***** only ** *** ****.

******* *********** ********** ****** are **** *********, ** is **** ****** ** see *********** ** ***** physiological ******* **** **'********* *** **** **' ** *** ****** authentication.

Three *******

**** ******** ******** ** even ****** ***** ** validation, ***** ******* *** required. **** ***** **** is * *********** ** biometrics, *** *****, *** access ******* ***********, *** become ************* **** ****** to ********* *** ****** than ****** '****** ******' authentication.

** * ****** ** both **** *** **** to *** **** ***** of **************, ** ** used ** ******** **************, military, *** ******** ********** but *** ********* *** commercial ***-*****.

Guard/Verification ******

*** ******* ***** ** authentication ** ***** **** at ******** *** ***** sensitive *********, ***** ****** checkpoints *** **** ** conjunction **** *** ***** factors. ******* **** ******* takes *** **** **** and ** *** **** labor *********, ** ********* is *** ******** ****** the ******** **** ** very **** *** ******** manpower ** *********.

Multi-Factor ************** *********

******* ******** ****** ************ of *****, *****-****** ************** has *********.

*** ******* *********** *** is *** ********** **** required ** ******* ** manipulate *** ********** **********. Especially *** ******** ***** high ***** ******* *** needed, ****** **** **** to ******* **** *** additional ****** ***** *** more **** * *** seconds *** **** ****, potentially ****** ** ** many ******* **** *** course ** *** *****.

******* ********* ****** ** the ********* ***** ** multiple ****** ******* **** simple, ****** ****** ***** like *********** *******. * combination *****-****** ****** ** often $*** - $*,*** more **** * ******-****** unit ******* $*** - $300. **** *** ****** of **** * ***** system **** * - 4 *****, ***** *****-****** readers *** ******** ***** by *********.

Single ****** ***** ******

* ******** ** ********** access ******* ******* *** 'single ******' **************, *** this ** ********** *** the *********** ******** ** most ***-*****. *** ****** credential **** ** **** is **** ** *** identity ** *** ******, and *** ****** ******** (ie: *******, *****) ** recorded *** **** ******.

*** *********** *** ******* the **** ****** '****** factor' **********. ** ***** verification ** *** ****** is ******** **** *** key *** **** ******. While ********* ******** ** high-tech ********** ****** ***********, mechanical **** ***** ******* an ******** '***** *****' of ******** *** **** millions ** **********.

*** ***** *******, ***** multiple ******* ** ****** identity *** ** **** to *******. ******* ******* supporting ***** ****** *** more *********, *** ****** manned ************ ***** ** overhead *** ****** ********* without ******** *************, ****** factor ******* *** ******** method ****. *******, **** risks **********, ***** ** an ********** ********** ** strengthen ********.

Comments (18)

**** ****'* ******* **** this ** *** *** mobile ******. *********** *** provide *********, *** & gesture ** *** **** you *** ** **** you ****. *** ***** is **** *** ****. There *** ******* ********* that ***** **** *** with **** ****** *********** implementations. 

*** ** **** ********* the **** *** ****** biometric *******, *** ********* allow *** ************* *** ability ** ******* *** by *****/******, ****/**** *** schedule.

 

**** *** ****** ***'* like ******** *** ***** phones. *** *** **** so **** **** ***** for ******* ***** ******* without ****** *** **** you **** ** ****** have ****** *******, ** activate *** **** *** a ****.

******, *******, ** ****** devices *** * ******** medium, *** **** *** '********* *** **** *****'**** ***** ****** ******* would.

** ** ****, **'* an ********* ** *** existing ******* *********, *** isn't *********** *** ** additional.  

*** **** **** ****, if *'* *** *******, then ********* ** **** add **.  **'* ** interesting ************** ** ***, I'm **** *** ************ that ** ** * new ****.

****** **** *** ******** makes *** *** **** phone ******* * ******, but ***** *** *************** where *** ***'* **** need ** **** **** phone *** ** **** pocket *** ****** ***** you *** **** **** request ** *** ******** the **** ** * more ******* ***.

****, *** ** ** it's *** **** **** more ******. *** ** you ***'* **** ** take **** ***** ***, then ***** ** ** app *** ************* ****** (either ********* ** ***) always ***** ******* **** at ***** **% ** people **** ******** *****, and **** ** ***** will ******* ** ** upper **********. :)

*** ********* ** *** has ****** **** ********* people's **********, ****** *** expectations.

***** ** ** ***** Video **** ** ** integrated **** ****** ******* in *** **** ** maglocks **** ******** ******* and ** **** ******* tied ** ********** ***** to ****** *** *** accessed * ****.

**** **** ******* ** be * ******* **** of **********.

******, ** ** ****, video ** **** **** would ** *** "************", not ******. ********* ** was *** ******* ****** using *** ********** ** gain ******. ****** ** is * ****** ***** station ***** ***** ** see *** ** ** the **** ******* ******.

** ***** *** **** the ****** **** - '******* ******* ******** *** User'.  ** ***** ** somewhat ***** ** ** this **** ******** *** cameras (****** ***** **** outside *** ***, ** the ***** *** ** poor *******, ***) *** I ***** ** ***** fall **** **** ********.

****** ********** *************** *** clearly ** *** **** as **** * ******* end ***** **** ********** and **** ***** ***** to ******** **** ****** to ***** ***** ****, data ******* ** ****** doors. ******* *****...******** & habit ******. ** ** use *** ****** *** *** personal ***, ** ***'* mind ******* ** ** App, *** **** ** is ******** ** *** company ** ************ * person ** *** ****** and *** ****** ** the ******, ********** ** change ** ***** ** pilots. ** *** ***** hand, *'* *** ***** to **** ** ***** on * ******* *** day.

********* **, *** **** implementation ******* ** **** integrate **** **** ***** intercoms

**** *** ****** ****** need ** ** * person? *** *******, ** someone **** *** ******* badge, ***, *** ********* appeared ** *** **** at *:****, ***** ** AI ********* ****** **** this ******** ** ********** with *** *** ****** usually *******?

** ***** **** ** more ** * ********** biometric, *** **** ********** as "********* *** ***"?

*** ***** ************/******* ******* verifies **** **** *****'* *********** need ** ** ***** intensive.  *** ********, ********* Command ****** *** * feature ***** *** *** set ** '**********' ** doors, ***** *** ***** at *** ******* ****** gets ******** ******** *** badged at *** ****, *** give *** ***** * set ****** ** **** to ***** ** **** the *******.  ** *** show * **** ****** **** with ******** * *** audio, ** **** ** any ******** **** ******, such ** ******, **** you ******* ** **.  As **** ** *** already **** * ****** monitoring *** ****** ******* system and ***'* *** ** on ***** **** **** constant ******* ** *** be **** **********. 

************ ***** *** **** you *** ******* ********* so ***** ***** ** be * ********* *********** badging ******** ** **** a ****, ** * "host" **** ********** ***** to ***** ***** *** a "*******" **** ********** to ** **** ** scan ***** ***** *** get * ***** *****.

* ********** ******** ******* and * *** **** your *** ******, ******’* it ** ******* ** have ** ****** ******** for *** **** **** if ******* *** *** allowed ** ** ** work ****** *** ***** a *** **** *** set *** ****** ** email ** ***** ** the ******** ******* ***** would ******* *** **** holder *********** *** *** the ***** ** ****** if ** ** *** actual ****** **** ******.

 ******’* ** ** ******* to **** ** ****** schedule *** *** **** door ** ******* *** not ******* ** ** at **** ****** *** after * *** **** and *** *** ****** to ***** ** ***** to *** ******** ******* which ***** ******* *** card ****** *********** *** yes *** ***** ** verify ** ** ** the ****** ****** **** holder.

****, *** ***** *** many ***** ****** ** needed *** *********** **** falls ******* ** ****** schedules. (******* ****/********, ***)

****, **** ********** ****** do *** **** ******** staff ******** ********** ****** systems ** ***** ************ for ************.

** *******, ****** ****** ******* ****** *** Schedules ** * ***** **** regardless!

** **** ** *** eveyone's *************. ** **** in * **-******* *****, the ***** **** ****** control. *** ** *** doors ** ********** ***** had * **** ******* the **** ****. ** you'd ***** ******** ********** would *** ** *** a **** ** **. Nope, **** ******** *** other ***...Access control defeat device

**** **** **** **** included *** ************...

* ******* ******** *** fourth ************ ****** *** updating *** **** ** follows:

1. ********* *** **** ***

2. ********* *** **** *****

3. ********* *** **** **

4. ******* *** **** ** ****

*** ******** ********* "******* ******* ******** *** User"******** ******* ***** ********** IDs *** ******* *** the **** *** ****** access ***** ** ***********. I ******* *** ***** or ************ ****** ** this ******* ** ******** acting ** *** **** capacity ** * *****-****** reader (*********** *** ********** based ** **** **** have, ****, ** ***). The ***** ** ************ is ********* *** * "verification ******" ** *** same ***** ** *** other ***** ***** ** the ****.

******** *** *** ****** to "******* *** **** ** with"********** ************** ** ******** user ************** ************ (*.*. the "***** ******") ***** two (** ****) ********** individuals *** ******** ****** access ** * ******** or ****** ** *******.

Someone *** **** ** ****

** *** ******** ** an *************** ****** **** another ************* **** ****, or ******?

** ** *** ** authenticated *******, ***’* **** just * ******* ** the “******* *******...”?

********** ** *********** #*:

********* *** ** **** authorized ***** ****** ******** access ** ** ******* of "******* *** **** is ****". *** *******, Person * ****** ***** a ********** **** ****** another ********** ********** (****** B ** * ** D ***.) ** **** present (***** ** *** additional ********** ******). **** individual **** ** ******** separately ***** ** *** pair ***** ******* ******. Either *** ****** ** gain ****** ***** ***** not ** **** ** gain ****** **** ****** they *** **********.

* ***** ******** ****** to ****** * ** the **** ** * card ****** ******** ****** to ****** *. **** both ****** *** ******** of ****** * *** grant ****** ***** ** his/her ************* *****."******* *** **** ** with"******** ********** ****** * to **** ** ********** Person * **** **** prior ** *** ***** (or **** ******) ******** access. *** ***** (** card ******) ******** *** verification **** ****** * and ****** * *** both ********** *********** *** that ******** **** **** the ******** ** ** granted ******.

Read this IPVM report for free.

This article is part of IPVM's 6,367 reports, 855 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now

Related Reports

Low-Tech Access Control: Master Keying Explained on Jan 09, 2020
Mechanical keys are one of the most fundamental forms of access control. 'Master Keying' can allow individually different credential keys to...
Fail Safe vs. Fail Secure Tutorial on Oct 02, 2019
Few terms carry greater importance in access control than 'fail safe' and 'fail secure'. Access control professionals must know how these...
Maglock Selection Guide on May 16, 2019
One of the most misunderstood yet valuable pieces of electrified hardware is the maglock. Few locks are stronger, but myths and confusion surround...
Favorite Access Control Credentials 2018 on Mar 22, 2018
In this 2018 access integrator statistics result, which credential type holds the favored spot to unlock access doors? More than 150 integrators...
Access Control - Restricted Keys Guide on Mar 15, 2018
Not all doors, even in larger facilities, can justify using electronic access control. And even for doors that do have electronic access control,...
Risks Of Managing End User Passwords (Statistics) on Dec 05, 2017
Integrators know admin passwords for nearly all end-user systems, according to IPVM statistics. But how do they manage them? How do they ensure...
Integrators Know Admin Passwords For Nearly All End-User Systems (Statistics) on Nov 01, 2017
With cybersecurity concerns rising, more scrutiny is being applied to various elements of security implementation. One of those is who knows the...
Hikvision VMS Password Recovery Vulnerability - Emailing Admin Passwords In Plain Text on Aug 28, 2017
Hikvision iVMS-4200 suffers from a vulnerability that allows anyone local, without authentication, to generate a code that Hikvision will respond...
Hikvision Security Code Cracked on Aug 08, 2017
Hikvision's 'security code' feature has been cracked and a program generating security codes is being distributed online. IPVM has obtained and...
Uniview Weak Local / Strong Remote Password Policy Tested on Mar 14, 2017
With the continuing onslaught of cyber-security breaches (see Dahua backdoor recently discovered, Hikvision defaulted devices getting hacked)...

Most Recent Industry Reports

Verkada: "IPVM Should Never Be Your Source of News" on Jul 02, 2020
Verkada was unhappy with IPVM's recent coverage declaring that reading IPVM is 'not a good look' and that 'IPVM should never be your source of...
Vintra Presents FulcrumAI Face Recognition on Jul 02, 2020
Vintra presented its FulcrumAI face recognition and mask detection offering at the May 2020 IPVM Startups show. Inside this report: A...
Uniview Wrist Temperature Reader Tested on Jul 02, 2020
Uniview is promoting measuring wrist temperatures whereas most others are just offering forehead or inner canthus measurements. But how well does...
Dahua USA Admits Thermal Solutions "Qualify As Medical Devices" on Jul 02, 2020
Dahua USA has issued a press release admitting a controversial point in the industry but an obvious one to the US FDA, that the thermal temperature...
Access Control Online Show - July 2020 - With 40+ Manufacturers - Register Now on Jul 01, 2020
IPVM is excited to announce our July 2020 Access Control Show. With 40+ companies presenting across 4 days, this is a unique opportunity to hear...
Hanwha Face Mask Detection Tested on Jul 01, 2020
Face mask detection or, more specifically lack-of-face-mask detection, is an expanding offering in the midst of coronavirus. Hanwha in partnership...
UK Government Says Fever Cameras "Unsuitable" on Jul 01, 2020
The UK government's medical device regulator, MHRA, told IPVM that fever-seeking thermal cameras are "unsuitable for this purpose" and recommends...
Camera Course Summer 2020 on Jun 30, 2020
This is the only independent surveillance camera course, based on in-depth product and technology testing. Lots of manufacturer training...
Worst Over But Integrators Still Dealing With Coronavirus Problems (June Statistics) on Jun 30, 2020
While numbers of integrators very impacted by Coronavirus continue to drop, most are still moderately dealing with the pandemic's problems, June...