Multi-Factor Authentication Primer

Author: Brian Rhodes, Published on Feb 04, 2013

Can a stranger use your credentials? One of the oldest problems facing access control is making credentials as easy to use as keys, but restricting them to certain individuals. The technique of 'multi-factor authentication' is applied when the end-user is concerned about who actually can use access control credentials. In this note, we examine the concept and detail the ways many access control designers choose to use it.

Multi-Factor Authentication Defined

** ****** *****, *** ******* ***** **** **** **** *** credential **** ** ********* ** ***** ** **** ******. *******, the *********** **** ** '*******' ** * *** **** **** validate **** *****. **** ***** **** *** '*****-******' *******, **** than *** ********** **** ** ************** ********, *** ****** ** option ** **** **** *** **** ** ***** ****.

** * ***** **** ***** ****** ******** ********* *****, *********** scans, ** * ****** **** ** ***** ** ** '***********', two ** **** *********** ***** ** ******* *** *****, *** just ********* ********** ****** *** ********** *** *** **** ** present ** *** ****. *** ***** ***** ***** ** ******* of * ******* '***** ******' ****** ******:


*** ********** ************** '*******' ****** ** *** ** *** **** type, *** **** ** *******, ********, *** ********** ******* ***** of ***********. ***** '****** ******' *** ******** ***** **:

  • ********* *** **** ***: * **********/********** ******* **************** ** *** ****. ********* ** access ******* *****, *****, ** ***. **** ******** * ********** key, ********** **, ** ********.
  • ********* *** **** *****: ********* * **** ** ******** **** ******* ** *** user. ********* * *** ******, *** **** ******* '******** *********' or '**** * ****** ******** *****' *************.
  • ********* *** **** **: ********* ******** **** *** **** ** **** ** *******. Typically ************ ** **** ******, *** ***** ******** ******** ********* face ***********, **********, ******/**** *****, *** **** ****.
  • ******* ******* ******** *** ****: ***** ******* **********, ******* ***** ********** *** *** ******* for *** ****. **** ***** ** * ****** *****, ** even * ************ **** ****** ****** ***** ** ***********.

Different *****

*** ****** ****** ** ******* ******* **** ********* ** ** end-user's ******** ********. ***** ****** ********* ***** *** ******** *** of **** *********** *** ******* *** *******, ***** ****-******** ************* may ******* ***** ** ****. ** ****** *** ******* ***** tiers *****:

*** ******:**** ***** * *********** ** '********* *** **** ***' *** '********* ** *****', **** ** ****** ******* ****** **** *** ************ *** number. **** ** *** **** ***** *** ****, ** ************ finder ****** *** ** ** **** ****** ****** **** **** know * ****, ***** ** ***** **** ** *** ****.

******* *********** ********** ****** *** **** *********, ** ** **** common ** *** *********** ** ***** ************* ******* **** **'********* *** **** **' ** *** ****** **************.

***** ******: **** ******** ******** ** **** ****** ***** ** **********, three ******* *** ********. **** ***** **** ** * *********** of **********, *** *****, *** ****** ******* ***********, *** ****** significantly **** ****** ** ********* *** ****** **** ****** '****** factor' **************.


** * ****** ** **** **** *** **** ** *** this ***** ** **************, ** ** **** ** ******** **************, military, *** ******** ********** *** *** ********* *** ********** ***-*****.

**** ******: *** ******* ***** ** ************** ** ***** **** ** military *** ***** ********* *********, ***** ****** *********** *** **** in *********** **** *** ***** *******. ******* **** ******* ***** the **** **** *** ** *** **** ***** *********, ** typically ** *** ******** ****** *** ******** **** ** **** high *** ******** ******** ** *********.


Multi-Factor ************

**** ***** ****** '****** ******' ************** ** **** ******, *** multiple ******* *** ******** ******** ** ******* ************* ******* ** access *******. **** ***** ******** ********:

  • ATM ********: Not only are debit cards required to be swiped, but PIN numbers are required every time a cash transaction takes place at one of these machines.
  • ******: ********** **** ****** *****, *****, ** *** ***** ******* takes ********* ** ********* '********* *** ****' *** ********* '********* *** ****' ** ******* ****** **********.

**** ** ***** ** ******** ******, *********** **** * ***** role. **** ** ***** ** ******** ***********, ******** ******* *** required.

Single ****** ***** **** ******

* ******** ** ********** ****** ******* ******* *** '****** ******' authentication, *** **** ** ********** *** *** *********** ******** ** most ***-*****. *** ****** ********** **** ** **** ** **** to *** ******** ** *** ******, *** *** ****** ******** (ie: *******, *****) ** ****** ******* **** ******.

*** *********** *** ******* *** **** ****** '****** ******' **********. No ***** ************ ** *** ****** ** ******** **** *** key *** **** ******. ***** ********* ******** ** ****-**** ********** access ***********, ********** **** ***** ******* ** ******** '***** *****' of ******** *** **** ******** ** **********.

*** ***** *******, ***** ******** ******* ** ****** ******** ***** be ********** ******. ******* ******* ********** ***** ****** *** **** expensive, *** ****** ****** ************ ***** ** ******** *** ****** justified ******* ******** *************, ****** ****** ******* *** ******** ****** used.

Comments (15)

Kok Long Pang

| 10/17/13 08:16am

****** **** *** ** **** ** ***** ****** **************. ** some ******, ** **** ** ***** * ******* (*** * persons) ** ******* ********** ** ******** **** ***** ** ****** to ****** * ****, *** ******* *** ** ***. **** remain ****** ** *** ** **** **** *** *******, ** outside *** ******** **** *****.

Bob Lowden

IPVMU Certified | 04/17/14 01:59am

*** ******* ************ ****** **************** ******* ** ********** * *** ******* ** ******. ********* for ****** ****** ******* ****** ** ****** **** ***** ******'* credentials.

Rukmini Wilson

| 04/17/14 02:51am

******* *****, **** ***** * ****** **** ** * ***** & ****** ***** *** *** ********* ****** **** ********* ** the **** ******* *** *** ** *** ****, ** **** considered * ***** *** ********* *********? ** ** ** ******** an ********** ********* ****, *.*.,********* *** *****...

Thumbnail pp 5

Brian Rhodes

IPVMU Certified / IPVM Admin | In reply to Rukmini Wilson | 04/17/14 03:14am

*********** ********.*********** ** ********** * *********, ** ***** ** ****.

****** **** (**** **** '**' ** ** **********) *** ***** checks **** ********* ** *** **** ** *** ****, ** is ** ***** * ***-****** *****: *** - *** **** the ****, *** *** - *** '***' *** ****** *** was ****** *** **** (********* ** **** *********).

** *** ****, *********** ** * **** *********, ***** ** can ****** ** *******. *** **** ** ***** *** * finite ********** ****** *** ************. *** **** ****, *** ** appears ** ************ ****** **** ****. *** *** * ***** something **** * ** **** *** ***** **** ********* ****** if * ** **** *** *****, ** *********** *** ************* that ***** ********** ** ***.

Rukmini Wilson

In reply to Brian Rhodes | 04/17/14 04:12am

*********** ** * **** *********, ***** ** *** ****** ** spoofed.

*** ***** *** *** **** ***** **** ** ** **** the ****** ********-********* ********* *** ******** * *****, **** * very ******* *********, ******* **** ****** *. ******* ******* ** the ********* *** ** **** ****. ***** **** *** * breeze ** ********* * ********** ****** **** **** **** ******* purchases ** ******** **** *** ***** *** ********** *** ********* validation ********** ***********...

** ***** ******* ******* **** **** * '***** ***** ******' panic ******? **** *** ******, **** *** *** ***** **** or *********? :)

*.*. * ***'* **** ***** *** *** * ** * 'warm *****'...

Ed Lunnon

IPVMU Certified | 01/21/15 04:00pm

** *** *** *** ********** ** ****** ********* ** *** facility. ********* *** *** ** ** ******* ***** ******** *** search **** *** *** ***** ***** ************. ****** **** ********* through *** ** *** ***** ****** **** *********, *** *** identifies *** ***** *** **** ***** *** *** ***** ***** print *** ************.

Thumbnail 1

Luis Carmona

IPVMU Certified | In reply to Ed Lunnon | 01/21/15 05:36pm

******** *** *** ****** *** ********* (*** ***** ** ***** up *********** *** ************) ** * **** *****, **, *** something * ****** **** *** ********** ******. * **** ******** on *** ******* ** *** ********* ************ ** *** **** about ***** *********.

Thumbnail pp 5

Brian Rhodes

IPVMU Certified / IPVM Admin | In reply to Luis Carmona | 01/21/15 05:46pm

**** ** ****** '************ ****' *** **** ********* *******.

******** *******'* ******** *********** ********** ** ***********, ***** *** **** ****** ******** **** *** fingerprint ******** *** ********** ****. *** **** ***** * ***** to **** *** ********** **** *** ******, *** *** ****** does *** ******** **** *** *********** ** *** ****** ****** unless *** *********** **** ******* *** *** ********** **** *** card.

Thumbnail saks

Aaron Saks

In reply to Ed Lunnon | 01/22/15 02:00pm

*** **** **** ** ***** ** *** ******** ******, *** the ***** ******* *** *** ****** ***** *** ***** *********** are *****.

*** *******, ** **** ****** **** * **** ****** **** had * **** ***** *** **** ****** ***** *** ****** active ***** *** **** ** **** + *** *** ******* AND *******.

**** ***, *** ***'* **** ******* ****** ** "****" *** biometric ****. *** ***** **** ** ***** *** **** ** card + *** *****.

***** *** **** ***** ***** **** "********" ** **** ** retnia ****** ** ******* ** * ********* ******* ***** **** was * "********" **** *** ******** ** ********* **** ****. Having *** ********** ******* ***** ******* ** ***** *** ****** requiring **** ***** ** ** *****...

Val Tsyrklevich

| 01/22/15 02:28am

*** ***** *** **** ******** ****, **** *** *** ********** authentication? ****** **** *** *** **** ***********. * ***** ** should ***** ******** ***.

Thumbnail pp 5

Brian Rhodes

IPVMU Certified / IPVM Admin | In reply to Val Tsyrklevich | 01/22/15 03:04am

**** ********! ***** *** ******* ******* *** ********* ***'* ****** a **** ******, **** ** **** ** * '*****-******' *****:

****: ********* ******* ***** **** ****. ********* **** * ***** fingerprint ** ******** ******** ******* ***** ****. ****** ******** ******* a ****** **** ******* ****'* **** ******* **** **** *** waiting, *** ***** ******* *** ** ******.

********: ******** * *********** ****** ******* *** ** **** ****** summer, *** **** *** ******* ** **** *** ***, *** might **** ************ ********** ** *** ***** ****** ** **** off ****** ****** ** *** ** *** ****. *************, ***** problems ******** ************************** **. ***** *** ***** ******* ***, **** ***** *****, iris ******** ****** *** ***, *** ** **.

*******: **** ****** *** **** ******** ************* **** ********* ********. Some ***** ****** ** '******** ******* ***** ******'. ** *** disagree *** ***** **'* *****, *** *** ******** ** **** with ********** **** ***** ********** ******* *** ******* *********.

**********: ****, *** ******** ** ******* '********' ** ********* *******. For *******, **** *** *** ******* ****** *** ****** * fingerprint *** ** ****. ** **** ******* ** ** ********* choice *** *** *****, *** ** **...

Thumbnail saks

Aaron Saks

In reply to Val Tsyrklevich | 01/22/15 01:50pm

** *** ********** *** ******* *******. *********** ********** *** ** "easily" ******. **, ** *** *** **** ** ****** * "gummy" *********** (****** **...) **** * ****** *****, **** *** have ******. **** ** *** *** **** * ****** ******.

******* ******* ***** ** ******* ******* ** *** ***** ****** on *** *******.

*** ***********, ****** * ****** **** ******* * ***** ******* that ** ** * **** ******, *** *** * **** or *********.

****** * *** **** ******* ******** ****** *** * ***** or ****** **********. ****** ** * ***** ** ******* *** trips * ****** ***** ********** * ******** ******* ******** *** intruder ***********...

Paul Salvato

| 01/22/15 02:53am

* ** ******** ** *** ******* ***** **** ** ***** community, ***** *** **** **** **** **** ** ** ** enter *** *****. ********* ******* **** *** ***** **** ** include **** **** ** ********** *** *** ** ***** ***** residence.

Kim Mentzer

IPVMU Certified | 01/22/15 04:08am

** *** ***** ** ** ****** * ****** ** * facility **** *** * ******** ******* ** *** **** *** would ****** *** ***** ** *** *** ***** *** ***, then *** *** *** * ****** *** *** ***. * layers ******* *********.

Daniel Gelinas

IPVMU Certified | 09/24/15 07:59pm

* **** * ****'* **** ** **** *** **** *****, but **** ** ***** *** *******. *'** **** *** ***** readings *** *'* ******* **** ****** ***** ** ****** *********** as * ********* ***********. **** * *** ** ******** ******* News, ****** * *********** * ***** ********* ** *****(*** *** **) *** * ********-**** ************ ****'* **** ** a ****** ******* ******** ** **** ** *** *** ******** seemed ** **** ********* **** *** *** * ******* *** for * ****** *** ****'* **** ** ******** ** ***** a ********** ** ********** ***** ** ***** ***** ***, ***...


*******, * *** **** ** ******* *****, *** * ***'* see ****** ***********--** ********** ** *******--****** ***. *** ****** ********** any **** ** ****** ***********?

******!

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

Access Door Controller Configuration Guide on Sep 27, 2016
Properly configuring access control door controllers is key to a professional system. These devices have fundamental settings that must be...
VLANs for Video Surveillance Tutorial on Sep 26, 2016
Many people confidently say to 'use VLANs' as an answer to IP video networking problems and as a way to signal expertise. But how should VLANs be...
Access Control Course Fall 2016 on Sep 22, 2016
IPVM offers the most comprehensive access control course in the industry. Unlike manufacturer training that focuses only on a small part of the...
Door Fundamentals For Electronic Access Control on Sep 20, 2016
Assuming every door can be secured with either a maglock or an electric strike can be a painful assumption in the field. While those items can be...
How to Measure Video Quality / Compression Levels on Sep 16, 2016
Two cameras have the same resolution, frame rate and scene monitored but camera A consumes half the bandwidth than camera B. Is Camera A better?...
PTZ Camera Guide 2016 on Sep 15, 2016
Pan/Tilt/Zoom cameras remain critical parts of many surveillance systems, especially in large security operations. Because of this it is important...
The Passback Problem on Sep 14, 2016
Every security system has flaws, even high-tech ones. While Electronic Access Control helps keep sensitive areas safe, it is not without...
S2 Founder Touts Mercury Board To Replace Software House on Sep 08, 2016
Access control is a stoic market typically devoid of glitzy, flashy product releases. But one new product is notable because of who is touting it...
Lenel Partners Angry, Lenel Does Not Care on Sep 01, 2016
Even more than Arecont, one manufacturer stands out for consistent complaints - Lenel. Over the past few years, no manufacturer has had more...
Panoramic Camera (Fisheye / Multi-Imager) Guide on Aug 31, 2016
Panoramic cameras, including fisheyes and multi-imagers, have become increasingly widespread, with most manufacturers offering fisheyes and an...

Most Recent Industry Reports

Dahua USA CEO Tim Wang, Where Is Your Integrity? on Sep 29, 2016
Dahua USA CEO Tim Wang and Dahua Director of Marketing Tim Shen shared their IPVM passwords extensively, resulting in Dahua USA CEO's account...
Allegion NDE Wireless Lock Examined on Sep 29, 2016
While wireless locks are one of the hottest areas of access control, two of its biggest challenges are high cost and limited integration with...
The 'Last Chance to Save' On Hikvision Is Here on Sep 29, 2016
It is over. After at least 8 across the board price cuts in the past 10 months, including an unprecedented back to back 20% off, Hikvision has...
Camera Calculator Class and IPVM Member Orientation October 2016 on Sep 28, 2016
Members, learn how to better design video surveillance systems and get the most out of your IPVM memberships with 2 upcoming live classes. Both...
Axis 4MP Camera Tested (M3046-V) on Sep 28, 2016
Axis has brought 4MP to its camera line in the new M3046-V, the highest resolution model in their revamped M30 series. We bought and tested this...
Hiring Spree At Aimetis 6 Months After Being Acquired on Sep 28, 2016
Aimetis was acquired in April 2016, and is now expanding almost all of their departments, hiring employees from Axis and other industry...
Hikvision Chairman Tours With Chinese Government Boss on Sep 28, 2016
Two China Communist senior officials toured Europe this summer, one was Hikvision's Chairman and the other was his boss, SASAC Director. In this...
Camio Natural Language Processing Tested on Sep 27, 2016
The ex-Googler led team from Camio has advanced its video monitoring offering to include natural language processing. Camio ingests video,...
Access Door Controller Configuration Guide on Sep 27, 2016
Properly configuring access control door controllers is key to a professional system. These devices have fundamental settings that must be...
Hacked Dahua Cameras Drive Massive Cyber Attack on Sep 27, 2016
Cyber attacks are accelerating and IP cameras are behind many of them. Worse, last week, a 'massive' attack was carried out using numerous Dahua...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact