Multi-Factor Access Control Authentication Guide

By: Brian Rhodes, Published on Dec 10, 2018

Can a stranger use your credentials? One of the oldest problems facing access control is making credentials as easy to use as keys, but restricting them to certain individuals.

Multi-factor authentication is used when the end-user is concerned about who can use access control credentials. In this guide, we explain the concept and the elements involved, including:

  • What Does Multi-Factor Authentication Mean?
  • What Benefits Multi-Factor Offers
  • The Four Factor Types Available
  • Which Factors Are Common For Access Control
  • What Drawbacks Multi-Factor Authentication Have
  • Why Single Factor Authentication Is Still Common

*** * ******** *** your ***********? *** ** the ****** ******** ****** access ******* ** ****** credentials ** **** ** use ** ****, *** restricting **** ** ******* individuals.

*****-****** ************** ** **** when *** ***-**** ** concerned ***** *** *** use ****** ******* ***********. In **** *****, ** explain *** ******* *** the ******** ********, *********:

  • **** **** *****-****** ************** Mean?
  • **** ******** *****-****** ******
  • *** **** ****** ***** Available
  • ***** ******* *** ****** For ****** *******
  • **** ********* *****-****** ************** Have
  • *** ****** ****** ************** Is ***** ******

[***************]

Multi-Factor ************** *******

*** ******* ***** **** more **** *** ********** must ** ********* ** order ** **** ******. However, *** *********** *** 'layered' ** * *** that **** ********** **** other.

Four ************ *******

*** ********** ************** '*******' cannot ** *** ** the **** ***** *** are ********* ********** ******* types ** ***********. *** 'factor ******' *** ******** cited **:

  • ********* *** **** ***: * **********/********** ******* administratively ** *** ****. Typically ** ****** ******* badge, *****, ** ***. Also ******** * ********** key, ********** **, ** passport.
  • ********* *** **** *****: ********* * **** or ******** **** ******* by *** ****. ********* a *** ******, *** also ******* '******** *********' or '**** * ****** Security *****' *************.
  • ********* *** **** **: ********* ******** **** the **** ** **** to *******. ********* ****** or **** ****** *** used, *** ***** ******** possible ********* **** ***********, heartbeats, ******/**** *****, *** even ****.
  • ******* ******* ******** *** User: ***** ******* **********, another ***** ********** *** and ******* *** *** user. **** ***** ** a ****** ***** ** even * ************ **** grants ****** ***** ** familiarity.

Multiple ******* ********** ************

**** ** ***** ** securing ******, *********** **** a ***** ****. **** it ***** ** ******** credentials *** ******** **** the ***** ****** *** using ****, ******** ******* are ****** **** ** the ******** ******* *** weak.

* ******** ******* ** many *** ***-****** ***** and **** **** *** automatic ****** ********. **** credential, **** **** *****, is **** *** ****** defeated ** ****** *** malicious ***.

*******, **** ** ******** do *** ******* ********* embedded *****, ***** *** card ** ********* ******** with * ********* ***.

** *** ****, *** only *** ***** ***** required ** ** ******, but *** ******* *** required ** ** *******. This ***** ************ ****** factors ******** ** ********* them **** ******** ****** of **************.

Multi-Factor *******

** * **** ***** reader ******** ********* *****, fingerprint *****, *** ****** codes *** '*****-******' *******, two ** **** *********** would ** ******** *** entry, *** **** ********* credential ****** *** ********** for *** **** ** present ** *** ****.

*** ***** ***** ***** an ******* ** * typical '***** ******' ****** device:

*** ******* **** ******* support ****. *** *******, this *****-****** ****** ****************** ********* **** ***/** voice ************** ******* ** the **** ****** ***********:

Different *****

*** ****** ****** ** applied ******* **** ********* to ** ***-****'* ******** concerns. ***** ****** ********* about *** ******** *** of **** *********** *** require *** *******, ***** high-security ************* *** ******* three ** ****. ** define *** ******* ***** tiers *****:

Two *******

**** ***** * *********** of '********* *** **** ***' *** '********* ** *****', **** ** ****** Control ****** **** *** accompanying *** ******. **** if *** **** ***** the ****, ** ************ finder ****** *** ** to **** ****** ****** they **** **** * code, ***** ** ***** only ** *** ****.

******* *********** ********** ****** are **** *********, ** is **** ****** ** see *********** ** ***** physiological ******* **** **'********* *** **** **' ** *** ****** authentication.

Three *******

**** ******** ******** ** even ****** ***** ** validation, ***** ******* *** required. **** ***** **** is * *********** ** biometrics, *** *****, *** access ******* ***********, *** become ************* **** ****** to ********* *** ****** than ****** '****** ******' authentication.

** * ****** ** both **** *** **** to *** **** ***** of **************, ** ** used ** ******** **************, military, *** ******** ********** but *** ********* *** commercial ***-*****.

Guard/Verification ******

*** ******* ***** ** authentication ** ***** **** at ******** *** ***** sensitive *********, ***** ****** checkpoints *** **** ** conjunction **** *** ***** factors. ******* **** ******* takes *** **** **** and ** *** **** labor *********, ** ********* is *** ******** ****** the ******** **** ** very **** *** ******** manpower ** *********.

Multi-Factor ************** *********

******* ******** ****** ************ of *****, *****-****** ************** has *********.

*** ******* *********** *** is *** ********** **** required ** ******* ** manipulate *** ********** **********. Especially *** ******** ***** high ***** ******* *** needed, ****** **** **** to ******* **** *** additional ****** ***** *** more **** * *** seconds *** **** ****, potentially ****** ** ** many ******* **** *** course ** *** *****.

******* ********* ****** ** the ********* ***** ** multiple ****** ******* **** simple, ****** ****** ***** like *********** *******. * combination *****-****** ****** ** often $*** - $*,*** more **** * ******-****** unit ******* $*** - $300. **** *** ****** of **** * ***** system **** * - 4 *****, ***** *****-****** readers *** ******** ***** by *********.

Single ****** ***** ******

* ******** ** ********** access ******* ******* *** 'single ******' **************, *** this ** ********** *** the *********** ******** ** most ***-*****. *** ****** credential **** ** **** is **** ** *** identity ** *** ******, and *** ****** ******** (ie: *******, *****) ** recorded *** **** ******.

*** *********** *** ******* the **** ****** '****** factor' **********. ** ***** verification ** *** ****** is ******** **** *** key *** **** ******. While ********* ******** ** high-tech ********** ****** ***********, mechanical **** ***** ******* an ******** '***** *****' of ******** *** **** millions ** **********.

*** ***** *******, ***** multiple ******* ** ****** identity *** ** **** to *******. ******* ******* supporting ***** ****** *** more *********, *** ****** manned ************ ***** ** overhead *** ****** ********* without ******** *************, ****** factor ******* *** ******** method ****. *******, **** risks **********, ***** ** an ********** ********** ** strengthen ********.

Comments (18)

**** ****'* ******* **** this ** *** *** mobile ******. *********** *** provide *********, *** & gesture ** *** **** you *** ** **** you ****. *** ***** is **** *** ****. There *** ******* ********* that ***** **** *** with **** ****** *********** implementations. 

*** ** **** ********* the **** *** ****** biometric *******, *** ********* allow *** ************* *** ability ** ******* *** by *****/******, ****/**** *** schedule.

 

**** *** ****** ***'* like ******** *** ***** phones. *** *** **** so **** **** ***** for ******* ***** ******* without ****** *** **** you **** ** ****** have ****** *******, ** activate *** **** *** a ****.

******, *******, ** ****** devices *** * ******** medium, *** **** *** '********* *** **** *****'**** ***** ****** ******* would.

** ** ****, **'* an ********* ** *** existing ******* *********, *** isn't *********** *** ** additional.  

*** **** **** ****, if *'* *** *******, then ********* ** **** add **.  **'* ** interesting ************** ** ***, I'm **** *** ************ that ** ** * new ****.

****** **** *** ******** makes *** *** **** phone ******* * ******, but ***** *** *************** where *** ***'* **** need ** **** **** phone *** ** **** pocket *** ****** ***** you *** **** **** request ** *** ******** the **** ** * more ******* ***.

****, *** ** ** it's *** **** **** more ******. *** ** you ***'* **** ** take **** ***** ***, then ***** ** ** app *** ************* ****** (either ********* ** ***) always ***** ******* **** at ***** **% ** people **** ******** *****, and **** ** ***** will ******* ** ** upper **********. :)

*** ********* ** *** has ****** **** ********* people's **********, ****** *** expectations.

***** ** ** ***** Video **** ** ** integrated **** ****** ******* in *** **** ** maglocks **** ******** ******* and ** **** ******* tied ** ********** ***** to ****** *** *** accessed * ****.

**** **** ******* ** be * ******* **** of **********.

******, ** ** ****, video ** **** **** would ** *** "************", not ******. ********* ** was *** ******* ****** using *** ********** ** gain ******. ****** ** is * ****** ***** station ***** ***** ** see *** ** ** the **** ******* ******.

** ***** *** **** the ****** **** - '******* ******* ******** *** User'.  ** ***** ** somewhat ***** ** ** this **** ******** *** cameras (****** ***** **** outside *** ***, ** the ***** *** ** poor *******, ***) *** I ***** ** ***** fall **** **** ********.

****** ********** *************** *** clearly ** *** **** as **** * ******* end ***** **** ********** and **** ***** ***** to ******** **** ****** to ***** ***** ****, data ******* ** ****** doors. ******* *****...******** & habit ******. ** ** use *** ****** *** *** personal ***, ** ***'* mind ******* ** ** App, *** **** ** is ******** ** *** company ** ************ * person ** *** ****** and *** ****** ** the ******, ********** ** change ** ***** ** pilots. ** *** ***** hand, *'* *** ***** to **** ** ***** on * ******* *** day.

********* **, *** **** implementation ******* ** **** integrate **** **** ***** intercoms

**** *** ****** ****** need ** ** * person? *** *******, ** someone **** *** ******* badge, ***, *** ********* appeared ** *** **** at *:****, ***** ** AI ********* ****** **** this ******** ** ********** with *** *** ****** usually *******?

** ***** **** ** more ** * ********** biometric, *** **** ********** as "********* *** ***"?

*** ***** ************/******* ******* verifies **** **** *****'* *********** need ** ** ***** intensive.  *** ********, ********* Command ****** *** * feature ***** *** *** set ** '**********' ** doors, ***** *** ***** at *** ******* ****** gets ******** ******** *** badged at *** ****, *** give *** ***** * set ****** ** **** to ***** ** **** the *******.  ** *** show * **** ****** **** with ******** * *** audio, ** **** ** any ******** **** ******, such ** ******, **** you ******* ** **.  As **** ** *** already **** * ****** monitoring *** ****** ******* system and ***'* *** ** on ***** **** **** constant ******* ** *** be **** **********. 

************ ***** *** **** you *** ******* ********* so ***** ***** ** be * ********* *********** badging ******** ** **** a ****, ** * "host" **** ********** ***** to ***** ***** *** a "*******" **** ********** to ** **** ** scan ***** ***** *** get * ***** *****.

* ********** ******** ******* and * *** **** your *** ******, ******’* it ** ******* ** have ** ****** ******** for *** **** **** if ******* *** *** allowed ** ** ** work ****** *** ***** a *** **** *** set *** ****** ** email ** ***** ** the ******** ******* ***** would ******* *** **** holder *********** *** *** the ***** ** ****** if ** ** *** actual ****** **** ******.

 ******’* ** ** ******* to **** ** ****** schedule *** *** **** door ** ******* *** not ******* ** ** at **** ****** *** after * *** **** and *** *** ****** to ***** ** ***** to *** ******** ******* which ***** ******* *** card ****** *********** *** yes *** ***** ** verify ** ** ** the ****** ****** **** holder.

****, *** ***** *** many ***** ****** ** needed *** *********** **** falls ******* ** ****** schedules. (******* ****/********, ***)

****, **** ********** ****** do *** **** ******** staff ******** ********** ****** systems ** ***** ************ for ************.

** *******, ****** ****** ******* ****** *** Schedules ** * ***** **** regardless!

** **** ** *** eveyone's *************. ** **** in * **-******* *****, the ***** **** ****** control. *** ** *** doors ** ********** ***** had * **** ******* the **** ****. ** you'd ***** ******** ********** would *** ** *** a **** ** **. Nope, **** ******** *** other ***...Access control defeat device

**** **** **** **** included *** ************...

* ******* ******** *** fourth ************ ****** *** updating *** **** ** follows:

1. ********* *** **** ***

2. ********* *** **** *****

3. ********* *** **** **

4. ******* *** **** ** ****

*** ******** ********* "******* ******* ******** *** User"******** ******* ***** ********** IDs *** ******* *** the **** *** ****** access ***** ** ***********. I ******* *** ***** or ************ ****** ** this ******* ** ******** acting ** *** **** capacity ** * *****-****** reader (*********** *** ********** based ** **** **** have, ****, ** ***). The ***** ** ************ is ********* *** * "verification ******" ** *** same ***** ** *** other ***** ***** ** the ****.

******** *** *** ****** to "******* *** **** ** with"********** ************** ** ******** user ************** ************ (*.*. the "***** ******") ***** two (** ****) ********** individuals *** ******** ****** access ** * ******** or ****** ** *******.

Someone *** **** ** ****

** *** ******** ** an *************** ****** **** another ************* **** ****, or ******?

** ** *** ** authenticated *******, ***’* **** just * ******* ** the “******* *******...”?

********** ** *********** #*:

********* *** ** **** authorized ***** ****** ******** access ** ** ******* of "******* *** **** is ****". *** *******, Person * ****** ***** a ********** **** ****** another ********** ********** (****** B ** * ** D ***.) ** **** present (***** ** *** additional ********** ******). **** individual **** ** ******** separately ***** ** *** pair ***** ******* ******. Either *** ****** ** gain ****** ***** ***** not ** **** ** gain ****** **** ****** they *** **********.

* ***** ******** ****** to ****** * ** the **** ** * card ****** ******** ****** to ****** *. **** both ****** *** ******** of ****** * *** grant ****** ***** ** his/her ************* *****."******* *** **** ** with"******** ********** ****** * to **** ** ********** Person * **** **** prior ** *** ***** (or **** ******) ******** access. *** ***** (** card ******) ******** *** verification **** ****** * and ****** * *** both ********** *********** *** that ******** **** **** the ******** ** ** granted ******.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

Nortek Mobile Access Reader BluePass Examined on Feb 12, 2019
Nortek's Linear access control division claims to make mobile credentials "more secure and easier to use than ever before" with their BluePass...
Startup GateKeeper Aims For Unified Physical / Logical Access Token on Apr 04, 2019
This startup's product claims to 'Kill the Password' you use to keep your computers safe. They have already released their Gatekeeper Halberd...
Proxy Access Control Tested on May 09, 2019
Silicon Valley Access Startup Proxy raised $13.6 Million in May 2019, focusing on mobile physical access control. Beyond the fund raising, Proxy...
OSDP Access Control Guide on Jun 04, 2019
Access control readers and controllers need to communicate. While Wiegand has been the de facto standard for decades, OSDP aims to solve major...
Mobile Access Control Shootout - Farpointe, HID, Openpath, Nortek, Proxy on Jul 29, 2019
One of the biggest rising trends in access control is using phones as credentials but which offering is best? IPVM has tested five of the...
Mobile Access Control Guide on Aug 28, 2019
One of the biggest trends in access for the last few years has been the marriage of mobile phones and access cards. But how does this...
Fingerprints for Access Control Guide on Sep 09, 2019
Users can lose badges, but they never misplace a finger, right? The most common biometric used in access are fingerprints, and it has become one...
Open Access Controller Guide (Axis, HID, Isonas, Mercury) on Sep 19, 2019
In the access control market, there are many software platforms, but only a few companies that make non-proprietary door controllers. Recently,...
Access Control Time & Attendance Guide on Sep 24, 2019
Access control systems can do more than lock doors. With little or no extra equipment, they can be used to track labor hours for employees...
Directory of Access Reader Manufacturers on Nov 27, 2019
Credential Readers are one of the most visible and noticeable parts of access systems, but installers often stick with only the brand they always...

Most Recent Industry Reports

Hazardous & Explosion Proof Access Control Tutorial on Feb 27, 2020
Controlling access to hazardous environments requires equipment meeting specific ratings that certify they will not start fires or will not...
Motorola / Avigilon Drops ISC West on Feb 26, 2020
Motorola Solutions has pulled out of ISC West 2020 effective immediately, because of coronavirus concerns, IPVM has learned. This is done amidst...
Cancel or Not? Industry Split Over ISC West on Feb 26, 2020
The industry is split, polarized, over whether ISC West 2020 should run or be canceled. New IPVM survey results of 400+ respondents show heated...
Coronavirus Hits Sony, Bosch Says Switch on Feb 26, 2020
Sony's fall in video surveillance has been severe over the past decade. Now, they may be done. In this note, we examine Bosch's new...
Video Surveillance Cameras 101 on Feb 25, 2020
Cameras come in many shapes, sizes and specifications. This 101 examines the basics of cameras and features used in 2020. In this report, we...
Favorite Video Analytic Manufacturers 2020 on Feb 25, 2020
Video analytics is now as hot as ever, driven by the excitement of advancing deep learning offers. But what are actually integrator's...
Latest London Police Facial Recognition Suffers Serious Issues on Feb 24, 2020
On February 20, IPVM visited another live face rec deployment by London police, but this time the system was thwarted by technical problems and...
Masks Cause Major Facial Recognition Problems on Feb 24, 2020
Coronavirus is spurring an increase in the use of medical masks, which new IPVM test results show cause major problems for facial recognition...
Every VMS Will Become a VSaaS on Feb 21, 2020
VMS is ending. Soon every VMS will be a VSaaS. Competitive dynamics will be redrawn. What does this mean? VMS Historically...
Video Surveillance 101 Course - Last Chance on Feb 20, 2020
This is the last chance to join IPVM's first Video Surveillance 101 course, designed to help those new to the industry to quickly understand the...