Multi-Factor Authentication Primer

Author: Brian Rhodes, Published on Feb 04, 2013

Can a stranger use your credentials? One of the oldest problems facing access control is making credentials as easy to use as keys, but restricting them to certain individuals. The technique of 'multi-factor authentication' is applied when the end-user is concerned about who actually can use access control credentials. In this note, we examine the concept and detail the ways many access control designers choose to use it.

Multi-Factor Authentication Defined

** ****** *****, *** ******* ***** **** **** **** *** credential **** ** ********* ** ***** ** **** ******. *******, the *********** **** ** '*******' ** * *** **** **** validate **** *****. **** ***** **** *** '*****-******' *******, **** than *** ********** **** ** ************** ********, *** ****** ** option ** **** **** *** **** ** ***** ****.

** * ***** **** ***** ****** ******** ********* *****, *********** scans, ** * ****** **** ** ***** ** ** '***********', two ** **** *********** ***** ** ******* *** *****, *** just ********* ********** ****** *** ********** *** *** **** ** present ** *** ****. *** ***** ***** ***** ** ******* of * ******* '***** ******' ****** ******:


*** ********** ************** '*******' ****** ** *** ** *** **** type, *** **** ** *******, ********, *** ********** ******* ***** of ***********. ***** '****** ******' *** ******** ***** **:

  • ********* *** **** ***: * **********/********** ******* **************** ** *** ****. ********* ** access ******* *****, *****, ** ***. **** ******** * ********** key, ********** **, ** ********.
  • ********* *** **** *****: ********* * **** ** ******** **** ******* ** *** user. ********* * *** ******, *** **** ******* '******** *********' or '**** * ****** ******** *****' *************.
  • ********* *** **** **: ********* ******** **** *** **** ** **** ** *******. Typically ************ ** **** ******, *** ***** ******** ******** ********* face ***********, **********, ******/**** *****, *** **** ****.
  • ******* ******* ******** *** ****: ***** ******* **********, ******* ***** ********** *** *** ******* for *** ****. **** ***** ** * ****** *****, ** even * ************ **** ****** ****** ***** ** ***********.

Different *****

*** ****** ****** ** ******* ******* **** ********* ** ** end-user's ******** ********. ***** ****** ********* ***** *** ******** *** of **** *********** *** ******* *** *******, ***** ****-******** ************* may ******* ***** ** ****. ** ****** *** ******* ***** tiers *****:

*** ******:**** ***** * *********** ** '********* *** **** ***' *** '********* ** *****', **** ** ****** ******* ****** **** *** ************ *** number. **** ** *** **** ***** *** ****, ** ************ finder ****** *** ** ** **** ****** ****** **** **** know * ****, ***** ** ***** **** ** *** ****.

******* *********** ********** ****** *** **** *********, ** ** **** common ** *** *********** ** ***** ************* ******* **** **'********* *** **** **' ** *** ****** **************.

***** ******: **** ******** ******** ** **** ****** ***** ** **********, three ******* *** ********. **** ***** **** ** * *********** of **********, *** *****, *** ****** ******* ***********, *** ****** significantly **** ****** ** ********* *** ****** **** ****** '****** factor' **************.


** * ****** ** **** **** *** **** ** *** this ***** ** **************, ** ** **** ** ******** **************, military, *** ******** ********** *** *** ********* *** ********** ***-*****.

**** ******: *** ******* ***** ** ************** ** ***** **** ** military *** ***** ********* *********, ***** ****** *********** *** **** in *********** **** *** ***** *******. ******* **** ******* ***** the **** **** *** ** *** **** ***** *********, ** typically ** *** ******** ****** *** ******** **** ** **** high *** ******** ******** ** *********.


Multi-Factor ************

**** ***** ****** '****** ******' ************** ** **** ******, *** multiple ******* *** ******** ******** ** ******* ************* ******* ** access *******. **** ***** ******** ********:

  • ATM ********: Not only are debit cards required to be swiped, but PIN numbers are required every time a cash transaction takes place at one of these machines.
  • ******: ********** **** ****** *****, *****, ** *** ***** ******* takes ********* ** ********* '********* *** ****' *** ********* '********* *** ****' ** ******* ****** **********.

**** ** ***** ** ******** ******, *********** **** * ***** role. **** ** ***** ** ******** ***********, ******** ******* *** required.

Single ****** ***** **** ******

* ******** ** ********** ****** ******* ******* *** '****** ******' authentication, *** **** ** ********** *** *** *********** ******** ** most ***-*****. *** ****** ********** **** ** **** ** **** to *** ******** ** *** ******, *** *** ****** ******** (ie: *******, *****) ** ****** ******* **** ******.

*** *********** *** ******* *** **** ****** '****** ******' **********. No ***** ************ ** *** ****** ** ******** **** *** key *** **** ******. ***** ********* ******** ** ****-**** ********** access ***********, ********** **** ***** ******* ** ******** '***** *****' of ******** *** **** ******** ** **********.

*** ***** *******, ***** ******** ******* ** ****** ******** ***** be ********** ******. ******* ******* ********** ***** ****** *** **** expensive, *** ****** ****** ************ ***** ** ******** *** ****** justified ******* ******** *************, ****** ****** ******* *** ******** ****** used.

Comments (17)

****** **** *** ** **** ** ***** ****** **************. ** some ******, ** **** ** ***** * ******* (*** * persons) ** ******* ********** ** ******** **** ***** ** ****** to ****** * ****, *** ******* *** ** ***. **** remain ****** ** *** ** **** **** *** *******, ** outside *** ******** **** *****.

*** ******* ************ ****** **************** ******* ** ********** * *** ******* ** ******. ********* for ****** ****** ******* ****** ** ****** **** ***** ******'* credentials.

******* *****, **** ***** * ****** **** ** * ***** & ****** ***** *** *** ********* ****** **** ********* ** the **** ******* *** *** ** *** ****, ** **** considered * ***** *** ********* *********? ** ** ** ******** an ********** ********* ****, *.*.,********* *** *****...

*********** ********.*********** ** ********** * *********, ** ***** ** ****.

****** **** (**** **** '**' ** ** **********) *** ***** checks **** ********* ** *** **** ** *** ****, ** is ** ***** * ***-****** *****: *** - *** **** the ****, *** *** - *** '***' *** ****** *** was ****** *** **** (********* ** **** *********).

** *** ****, *********** ** * **** *********, ***** ** can ****** ** *******. *** **** ** ***** *** * finite ********** ****** *** ************. *** **** ****, *** ** appears ** ************ ****** **** ****. *** *** * ***** something **** * ** **** *** ***** **** ********* ****** if * ** **** *** *****, ** *********** *** ************* that ***** ********** ** ***.

*********** ** * **** *********, ***** ** *** ****** ** spoofed.

*** ***** *** *** **** ***** **** ** ** **** the ****** ********-********* ********* *** ******** * *****, **** * very ******* *********, ******* **** ****** *. ******* ******* ** the ********* *** ** **** ****. ***** **** *** * breeze ** ********* * ********** ****** **** **** **** ******* purchases ** ******** **** *** ***** *** ********** *** ********* validation ********** ***********...

** ***** ******* ******* **** **** * '***** ***** ******' panic ******? **** *** ******, **** *** *** ***** **** or *********? :)

*.*. * ***'* **** ***** *** *** * ** * 'warm *****'...

** *** *** *** ********** ** ****** ********* ** *** facility. ********* *** *** ** ** ******* ***** ******** *** search **** *** *** ***** ***** ************. ****** **** ********* through *** ** *** ***** ****** **** *********, *** *** identifies *** ***** *** **** ***** *** *** ***** ***** print *** ************.

******** *** *** ****** *** ********* (*** ***** ** ***** up *********** *** ************) ** * **** *****, **, *** something * ****** **** *** ********** ******. * **** ******** on *** ******* ** *** ********* ************ ** *** **** about ***** *********.

**** ** ****** '************ ****' *** **** ********* *******.

******** *******'* ******** *********** ********** ** ***********, ***** *** **** ****** ******** **** *** fingerprint ******** *** ********** ****. *** **** ***** * ***** to **** *** ********** **** *** ******, *** *** ****** does *** ******** **** *** *********** ** *** ****** ****** unless *** *********** **** ******* *** *** ********** **** *** card.

*** **** **** ** ***** ** *** ******** ******, *** the ***** ******* *** *** ****** ***** *** ***** *********** are *****.

*** *******, ** **** ****** **** * **** ****** **** had * **** ***** *** **** ****** ***** *** ****** active ***** *** **** ** **** + *** *** ******* AND *******.

**** ***, *** ***'* **** ******* ****** ** "****" *** biometric ****. *** ***** **** ** ***** *** **** ** card + *** *****.

***** *** **** ***** ***** **** "********" ** **** ** retnia ****** ** ******* ** * ********* ******* ***** **** was * "********" **** *** ******** ** ********* **** ****. Having *** ********** ******* ***** ******* ** ***** *** ****** requiring **** ***** ** ** *****...

*** ***** *** **** ******** ****, **** *** *** ********** authentication? ****** **** *** *** **** ***********. * ***** ** should ***** ******** ***.

**** ********! ***** *** ******* ******* *** ********* ***'* ****** a **** ******, **** ** **** ** * '*****-******' *****:

****: ********* ******* ***** **** ****. ********* **** * ***** fingerprint ** ******** ******** ******* ***** ****. ****** ******** ******* a ****** **** ******* ****'* **** ******* **** **** *** waiting, *** ***** ******* *** ** ******.

********: ******** * *********** ****** ******* *** ** **** ****** summer, *** **** *** ******* ** **** *** ***, *** might **** ************ ********** ** *** ***** ****** ** **** off ****** ****** ** *** ** *** ****. *************, ***** problems ******** ************************** **. ***** *** ***** ******* ***, **** ***** *****, iris ******** ****** *** ***, *** ** **.

*******: **** ****** *** **** ******** ************* **** ********* ********. Some ***** ****** ** '******** ******* ***** ******'. ** *** disagree *** ***** **'* *****, *** *** ******** ** **** with ********** **** ***** ********** ******* *** ******* *********.

**********: ****, *** ******** ** ******* '********' ** ********* *******. For *******, **** *** *** ******* ****** *** ****** * fingerprint *** ** ****. ** **** ******* ** ** ********* choice *** *** *****, *** ** **...

** *** ********** *** ******* *******. *********** ********** *** ** "easily" ******. **, ** *** *** **** ** ****** * "gummy" *********** (****** **...) **** * ****** *****, **** *** have ******. **** ** *** *** **** * ****** ******.

******* ******* ***** ** ******* ******* ** *** ***** ****** on *** *******.

*** ***********, ****** * ****** **** ******* * ***** ******* that ** ** * **** ******, *** *** * **** or *********.

****** * *** **** ******* ******** ****** *** * ***** or ****** **********. ****** ** * ***** ** ******* *** trips * ****** ***** ********** * ******** ******* ******** *** intruder ***********...

* ** ******** ** *** ******* ***** **** ** ***** community, ***** *** **** **** **** **** ** ** ** enter *** *****. ********* ******* **** *** ***** **** ** include **** **** ** ********** *** *** ** ***** ***** residence.

** *** ***** ** ** ****** * ****** ** * facility **** *** * ******** ******* ** *** **** *** would ****** *** ***** ** *** *** ***** *** ***, then *** *** *** * ****** *** *** ***. * layers ******* *********.

* **** * ****'* **** ** **** *** **** *****, but **** ** ***** *** *******. *'** **** *** ***** readings *** *'* ******* **** ****** ***** ** ****** *********** as * ********* ***********. **** * *** ** ******** ******* News, ****** * *********** * ***** ********* ** *****(*** *** **) *** * ********-**** ************ ****'* **** ** a ****** ******* ******** ** **** ** *** *** ******** seemed ** **** ********* **** *** *** * ******* *** for * ****** *** ****'* **** ** ******** ** ***** a ********** ** ********** ***** ** ***** ***** ***, ***...


*******, * *** **** ** ******* *****, *** * ***'* see ****** ***********--** ********** ** *******--****** ***. *** ****** ********** any **** ** ****** ***********?

******!

******: ********** **** ****** *****, *****, ** *** ***** ******* takes ********* ** ********* '********* *** ****' *** ********* '********* *** ****' ** ******* ****** **********.

**'* *** **** *** ******** * ******** *** ******** ***** multi-factor **************. **** ******** ************** ******** ** ** ** ******-******, as **** ******** *** ******** *** ********** ********* *** ****. I ***'* ***** * ******** ***** ** ********* * ****, as ** ***'* ** ***** **** ** (**** ** ****** card *** **). * ******* **** **** ** ******* ********+ guide:

*** **** ***** **** ** ************** ** ***** ******** ****** ************** (***)******* **** *** **** ** ************** ** *******. *** ** most ***** *********** ** *** *********** ********/******** ***********.

**** ** **** ******* ***********!!

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

Paxton Hosted Access - Disruptive Low Dealer Pricing on Jan 19, 2017
Paxton is entering the hosted access game, with BLU, at a cost that is a fraction of key competitors. The different approach could be very...
Cut in Half, Everfocus Shifts Strategies on Jan 17, 2017
The race to the bottom impact continues. Now, Everfocus, who used to be one of the larger budget providers, is shifting strategies after years of...
Genetec Favorability Results on Jan 16, 2017
In the race to the bottom and flight to 'solutions', Genetec has taken a contrary path. The company remains independent, focusing up market,...
Introduction To Burglar Alarm Systems on Jan 04, 2017
While alarm systems are popular, balancing between the right level of protection, the appropriate components and an acceptable price can be very...
Surveillance Cameras 2017 Review on Jan 02, 2017
This report concisely explains the developments and most common options for surveillance cameras offered in 2017, including resolution, H.265, HD...
Lux Rating / Minimum Illumination Guide 2017 on Dec 23, 2016
Lux ratings are one of the poorest specifications to use in selecting cameras. Now, with the rise of integrated IR, they are increasingly...
The PPF / PPM Video Surveillance Guide on Dec 23, 2016
Pixels per foot / Pixels per meter is the most fundamental and valuable, though imperfect, metric for specifying video surveillance image...
Surveillance Camera Imager Tutorial on Dec 23, 2016
Imagers - CCD, CMOS, 1/2", 1/4", big pixels, small pixels, etc. In this tutorial, we explain the fundamental issues and drivers in surveillance...
IR Video Surveillance Tutorial 2017 on Dec 21, 2016
Almost all surveillance cameras perform worse in low light than they do in the day time. One of the most common techniques to overcome this is to...
ONVIF Tutorial 2017 on Dec 19, 2016
ONVIF is well known within the surveillance industry as an interface to connect IP cameras and VMS systems but: Is ONVIF a 'Standard'? Why...

Most Recent Industry Reports

2Gig Expands Into Commercial Intrusion With Vario on Jan 23, 2017
2GIG, an alarm product manufacturer best known for their wireless products, has introduced a new line of wired panels aimed at the commercial...
Integrator Service Vehicle Guide on Jan 23, 2017
Few assets are as commonly used by integrators and installers as their service vehicles. 125 integrators explained to IPVM in detail about their...
Goodbye Samsung, Hello Wisenet X on Jan 23, 2017
Samsung is gone but Hanwha is back. Their latest generation Wisenet X, touts a slew of new high end features including H.265, WiseStream II,...
Vivotek Favorability Results on Jan 20, 2017
Financially, Vivotek is doing relatively well. The company did ~$130 million in 2015 revenue and 2016 revenue (through Q3 reported) was up more...
PR Firm Pleads Don't Scrap PR Spending on Jan 20, 2017
PR is not dying, warns pleads PR firm. Take 40+ year old industry PR firm LRG, who recently lamented the 'misconceptions' that: Traditional PR...
Getting Started With Your IPVM Membership on Jan 20, 2017
Here's how to get started and get the most out of your IPVM membership. Books for Members All members can download the 3 member-only books below...
Jim Cramer Sucks Up To Knightscope on Jan 19, 2017
Credit must be given to Knightscope. They are raising money right now and despite their $80 million pre-money valuation against a lowly sub $1...
ADT Launches Canopy - Professional Monitoring For DIY Devices on Jan 19, 2017
The intrusion industry has criticized DIY security systems for years, claiming systems like Canary or Scout cannot match professionally installed...
Dahua UnFavorability Results on Jan 19, 2017
Dahua, the mega-Chinese surveillance manufacturer not primarily owned by the Chinese government has been trying to break out of the shadow of...
Paxton Hosted Access - Disruptive Low Dealer Pricing on Jan 19, 2017
Paxton is entering the hosted access game, with BLU, at a cost that is a fraction of key competitors. The different approach could be very...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact