Multi-Factor Authentication Primer

Author: Brian Rhodes, Published on Feb 04, 2013

Can a stranger use your credentials? One of the oldest problems facing access control is making credentials as easy to use as keys while restricting them to certain individuals. The technique of 'multi-factor authentication' is applied when the end-user is concerned about who can actually use access control credentials. In this note, we examine the concept and detail the ways many access control designers choose to use it.

Multi-Factor Authentication Defined

** ****** *****, *** ******* ***** **** **** **** *** credential **** ** ********* ** ***** ** **** ******. *******, the *********** **** ** '*******' ** * *** **** **** validate **** *****. **** ***** **** *** '*****-******' *******, **** than *** ********** **** ** ************** ********, *** ****** ** option ** **** **** *** **** ** ***** ****.

** * ***** **** ***** ****** ******** ********* *****, *********** scans, ** * ****** **** ** ***** ** ** '***********', two ** **** *********** ***** ** ******* *** *****, *** just ********* ********** ****** *** ********** *** *** **** ** present ** *** ****. *** ***** ***** ***** ** ******* of * ******* '***** ******' ****** ******:


*** ********** ************** '*******' ****** ** *** ** *** **** type, *** **** ** *******, ********, *** ********** ******* ***** of ***********. ***** '****** ******' *** ******** ***** **:

  • ********* *** **** ***: * **********/********** ******* **************** ** *** ****. ********* ** access ******* *****, *****, ** ***. **** ******** * ********** key, ********** **, ** ********.
  • ********* *** **** *****: ********* * **** ** ******** **** ******* ** *** user. ********* * *** ******, *** **** ******* '******** *********' or '**** * ****** ******** *****' *************.
  • ********* *** **** **: ********* ******** **** *** **** ** **** ** *******. Typically ************ ** **** ******, *** ***** ******** ******** ********* face ***********, **********, ******/**** *****, *** **** ****.
  • ******* ******* ******** *** ****: ***** ******* **********, ******* ***** ********** *** *** ******* for *** ****. **** ***** ** * ****** *****, ** even * ************ **** ****** ****** ***** ** ***********.

Different *****

*** ****** ****** ** ******* ******* **** ********* ** ** end-user's ******** ********. ***** ****** ********* ***** *** ******** *** of **** *********** *** ******* *** *******, ***** ****-******** ************* may ******* ***** ** ****. ** ****** *** ******* ***** tiers *****:

*** ******:**** ***** * *********** ** '********* *** **** ***' *** '********* ** *****', **** ** ****** ******* ****** **** *** ************ *** number. **** ** *** **** ***** *** ****, ** ************ finder ****** *** ** ** **** ****** ****** **** **** know * ****, ***** ** ***** **** ** *** ****.

******* *********** ********** ****** *** **** *********, ** ** **** common ** *** *********** ** ***** ************* ******* **** **'********* *** **** **' ** *** ****** **************.

***** ******: **** ******** ******** ** **** ****** ***** ** **********, three ******* *** ********. **** ***** **** ** * *********** of **********, *** *****, *** ****** ******* ***********, *** ****** significantly **** ****** ** ********* *** ****** **** ****** '****** factor' **************.


** * ****** ** **** **** *** **** ** *** this ***** ** **************, ** ** **** ** ******** **************, military, *** ******** ********** *** *** ********* *** ********** ***-*****.

**** ******: *** ******* ***** ** ************** ** ***** **** ** military *** ***** ********* *********, ***** ****** *********** *** **** in *********** **** *** ***** *******. ******* **** ******* ***** the **** **** *** ** *** **** ***** *********, ** typically ** *** ******** ****** *** ******** **** ** **** high *** ******** ******** ** *********.


Multi-Factor ************

**** ***** ****** '****** ******' ************** ** **** ******, *** multiple ******* *** ******** ******** ** ******* ************* ******* ** access *******. **** ***** ******** ********:

  • ATM ********: Not only are debit cards required to be swiped, but PIN numbers are required every time a cash transaction takes place at one of these machines.
  • ******: ********** **** ****** *****, *****, ** *** ***** ******* takes ********* ** ********* '********* *** ****' *** ********* '********* *** ****' ** ******* ****** **********.

**** ** ***** ** ******** ******, *********** **** * ***** role. **** ** ***** ** ******** ***********, ******** ******* *** required.

Single ****** ***** **** ******

* ******** ** ********** ****** ******* ******* *** '****** ******' authentication, *** **** ** ********** *** *** *********** ******** ** most ***-*****. *** ****** ********** **** ** **** ** **** to *** ******** ** *** ******, *** *** ****** ******** (ie: *******, *****) ** ****** ******* **** ******.

*** *********** *** ******* *** **** ****** '****** ******' **********. No ***** ************ ** *** ****** ** ******** **** *** key *** **** ******. ***** ********* ******** ** ****-**** ********** access ***********, ********** **** ***** ******* ** ******** '***** *****' of ******** *** **** ******** ** **********.

*** ***** *******, ***** ******** ******* ** ****** ******** ***** be ********** ******. ******* ******* ********** ***** ****** *** **** expensive, *** ****** ****** ************ ***** ** ******** *** ****** justified ******* ******** *************, ****** ****** ******* *** ******** ****** used.

Comments (19)

****** **** *** ** **** ** ***** ****** **************. ** some ******, ** **** ** ***** * ******* (*** * persons) ** ******* ********** ** ******** **** ***** ** ****** to ****** * ****, *** ******* *** ** ***. **** remain ****** ** *** ** **** **** *** *******, ** outside *** ******** **** *****.

*** ******* ************ ****** **************** ******* ** ********** * *** ******* ** ******. ********* for ****** ****** ******* ****** ** ****** **** ***** ******'* credentials.

******* *****, **** ***** * ****** **** ** * ***** & ****** ***** *** *** ********* ****** **** ********* ** the **** ******* *** *** ** *** ****, ** **** considered * ***** *** ********* *********? ** ** ** ******** an ********** ********* ****, *.*.,********* *** *****...

*********** ********.*********** ** ********** * *********, ** ***** ** ****.

****** **** (**** **** '**' ** ** **********) *** ***** checks **** ********* ** *** **** ** *** ****, ** is ** ***** * ***-****** *****: *** - *** **** the ****, *** *** - *** '***' *** ****** *** was ****** *** **** (********* ** **** *********).

** *** ****, *********** ** * **** *********, ***** ** can ****** ** *******. *** **** ** ***** *** * finite ********** ****** *** ************. *** **** ****, *** ** appears ** ************ ****** **** ****. *** *** * ***** something **** * ** **** *** ***** **** ********* ****** if * ** **** *** *****, ** *********** *** ************* that ***** ********** ** ***.

*********** ** * **** *********, ***** ** *** ****** ** spoofed.

*** ***** *** *** **** ***** **** ** ** **** the ****** ********-********* ********* *** ******** * *****, **** * very ******* *********, ******* **** ****** *. ******* ******* ** the ********* *** ** **** ****. ***** **** *** * breeze ** ********* * ********** ****** **** **** **** ******* purchases ** ******** **** *** ***** *** ********** *** ********* validation ********** ***********...

** ***** ******* ******* **** **** * '***** ***** ******' panic ******? **** *** ******, **** *** *** ***** **** or *********? :)

*.*. * ***'* **** ***** *** *** * ** * 'warm *****'...

** *** *** *** ********** ** ****** ********* ** *** facility. ********* *** *** ** ** ******* ***** ******** *** search **** *** *** ***** ***** ************. ****** **** ********* through *** ** *** ***** ****** **** *********, *** *** identifies *** ***** *** **** ***** *** *** ***** ***** print *** ************.

******** *** *** ****** *** ********* (*** ***** ** ***** up *********** *** ************) ** * **** *****, **, *** something * ****** **** *** ********** ******. * **** ******** on *** ******* ** *** ********* ************ ** *** **** about ***** *********.

**** ** ****** '************ ****' *** **** ********* *******.

******** *******'* ******** *********** ********** ** ***********, ***** *** **** ****** ******** **** *** fingerprint ******** *** ********** ****. *** **** ***** * ***** to **** *** ********** **** *** ******, *** *** ****** does *** ******** **** *** *********** ** *** ****** ****** unless *** *********** **** ******* *** *** ********** **** *** card.

*** **** **** ** ***** ** *** ******** ******, *** the ***** ******* *** *** ****** ***** *** ***** *********** are *****.

*** *******, ** **** ****** **** * **** ****** **** had * **** ***** *** **** ****** ***** *** ****** active ***** *** **** ** **** + *** *** ******* AND *******.

**** ***, *** ***'* **** ******* ****** ** "****" *** biometric ****. *** ***** **** ** ***** *** **** ** card + *** *****.

***** *** **** ***** ***** **** "********" ** **** ** retnia ****** ** ******* ** * ********* ******* ***** **** was * "********" **** *** ******** ** ********* **** ****. Having *** ********** ******* ***** ******* ** ***** *** ****** requiring **** ***** ** ** *****...

*** ***** *** **** ******** ****, **** *** *** ********** authentication? ****** **** *** *** **** ***********. * ***** ** should ***** ******** ***.

**** ********! ***** *** ******* ******* *** ********* ***'* ****** a **** ******, **** ** **** ** * '*****-******' *****:

****: ********* ******* ***** **** ****. ********* **** * ***** fingerprint ** ******** ******** ******* ***** ****. ****** ******** ******* a ****** **** ******* ****'* **** ******* **** **** *** waiting, *** ***** ******* *** ** ******.

********: ******** * *********** ****** ******* *** ** **** ****** summer, *** **** *** ******* ** **** *** ***, *** might **** ************ ********** ** *** ***** ****** ** **** off ****** ****** ** *** ** *** ****. *************, ***** problems ******** ************************** **. ***** *** ***** ******* ***, **** ***** *****, iris ******** ****** *** ***, *** ** **.

*******: **** ****** *** **** ******** ************* **** ********* ********. Some ***** ****** ** '******** ******* ***** ******'. ** *** disagree *** ***** **'* *****, *** *** ******** ** **** with ********** **** ***** ********** ******* *** ******* *********.

**********: ****, *** ******** ** ******* '********' ** ********* *******. For *******, **** *** *** ******* ****** *** ****** * fingerprint *** ** ****. ** **** ******* ** ** ********* choice *** *** *****, *** ** **...

** *** ********** *** ******* *******. *********** ********** *** ** "easily" ******. **, ** *** *** **** ** ****** * "gummy" *********** (****** **...) **** * ****** *****, **** *** have ******. **** ** *** *** **** * ****** ******.

******* ******* ***** ** ******* ******* ** *** ***** ****** on *** *******.

*** ***********, ****** * ****** **** ******* * ***** ******* that ** ** * **** ******, *** *** * **** or *********.

****** * *** **** ******* ******** ****** *** * ***** or ****** **********. ****** ** * ***** ** ******* *** trips * ****** ***** ********** * ******** ******* ******** *** intruder ***********...

* ** ******** ** *** ******* ***** **** ** ***** community, ***** *** **** **** **** **** ** ** ** enter *** *****. ********* ******* **** *** ***** **** ** include **** **** ** ********** *** *** ** ***** ***** residence.

** *** ***** ** ** ****** * ****** ** * facility **** *** * ******** ******* ** *** **** *** would ****** *** ***** ** *** *** ***** *** ***, then *** *** *** * ****** *** *** ***. * layers ******* *********.

* **** * ****'* **** ** **** *** **** *****, but **** ** ***** *** *******. *'** **** *** ***** readings *** *'* ******* **** ****** ***** ** ****** *********** as * ********* ***********. **** * *** ** ******** ******* News, ****** * *********** * ***** ********* ** *****(*** *** **) *** * ********-**** ************ ****'* **** ** a ****** ******* ******** ** **** ** *** *** ******** seemed ** **** ********* **** *** *** * ******* *** for * ****** *** ****'* **** ** ******** ** ***** a ********** ** ********** ***** ** ***** ***** ***, ***...


*******, * *** **** ** ******* *****, *** * ***'* see ****** ***********--** ********** ** *******--****** ***. *** ****** ********** any **** ** ****** ***********?

******!

******: ********** **** ****** *****, *****, ** *** ***** ******* takes ********* ** ********* '********* *** ****' *** ********* '********* *** ****' ** ******* ****** **********.

**'* *** **** *** ******** * ******** *** ******** ***** multi-factor **************. **** ******** ************** ******** ** ** ** ******-******, as **** ******** *** ******** *** ********** ********* *** ****. I ***'* ***** * ******** ***** ** ********* * ****, as ** ***'* ** ***** **** ** (**** ** ****** card *** **). * ******* **** **** ** ******* ********+ guide:

*** **** ***** **** ** ************** ** ***** ******** ****** ************** (***)******* **** *** **** ** ************** ** *******. *** ** most ***** *********** ** *** *********** ********/******** ***********.

**** ** **** ******* ***********!!

***** *** "****" ************** ** **** ** * ***** **** or ** ** ******** ** ******** *****? **** *** ******* me.

*'** *** **** ************ ********** *** ** '****' **********.

*******, ***** *** ******* '****** ** *******' ****** ** ********** that **** **** (******) ****** ****** ** ****** ** *** sensors (**: **** ***** **** **** ** ****** ******,*** *********).

* ** ***** *** ****** ** ****** **** **** ******** gait ** * *********, *** ******* ***** *** '****** *********' is *****.

*******, ***** ** ** * ***** **** ** ***** ** after * ******* ** ********, *** * *** ****** *** differences ** ** *** ****. :)

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.
