Multi-Factor Authentication Primer

Author: Brian Rhodes, Published on Feb 04, 2013

Can a stranger use your credentials? One of the oldest problems facing access control is making credentials as easy to use as keys, but restricting them to certain individuals. The technique of 'multi-factor authentication' is applied when the end-user is concerned about who actually can use access control credentials. In this note, we examine the concept and detail the ways many access control designers choose to use it.

Multi-Factor Authentication Defined

** ****** *****, *** ******* ***** **** **** **** *** credential **** ** ********* ** ***** ** **** ******. *******, the *********** **** ** '*******' ** * *** **** **** validate **** *****. **** ***** **** *** '*****-******' *******, **** than *** ********** **** ** ************** ********, *** ****** ** option ** **** **** *** **** ** ***** ****.

** * ***** **** ***** ****** ******** ********* *****, *********** scans, ** * ****** **** ** ***** ** ** '***********', two ** **** *********** ***** ** ******* *** *****, *** just ********* ********** ****** *** ********** *** *** **** ** present ** *** ****. *** ***** ***** ***** ** ******* of * ******* '***** ******' ****** ******:


*** ********** ************** '*******' ****** ** *** ** *** **** type, *** **** ** *******, ********, *** ********** ******* ***** of ***********. ***** '****** ******' *** ******** ***** **:

  • ********* *** **** ***: * **********/********** ******* **************** ** *** ****. ********* ** access ******* *****, *****, ** ***. **** ******** * ********** key, ********** **, ** ********.
  • ********* *** **** *****: ********* * **** ** ******** **** ******* ** *** user. ********* * *** ******, *** **** ******* '******** *********' or '**** * ****** ******** *****' *************.
  • ********* *** **** **: ********* ******** **** *** **** ** **** ** *******. Typically ************ ** **** ******, *** ***** ******** ******** ********* face ***********, **********, ******/**** *****, *** **** ****.
  • ******* ******* ******** *** ****: ***** ******* **********, ******* ***** ********** *** *** ******* for *** ****. **** ***** ** * ****** *****, ** even * ************ **** ****** ****** ***** ** ***********.

Different *****

*** ****** ****** ** ******* ******* **** ********* ** ** end-user's ******** ********. ***** ****** ********* ***** *** ******** *** of **** *********** *** ******* *** *******, ***** ****-******** ************* may ******* ***** ** ****. ** ****** *** ******* ***** tiers *****:

*** ******:**** ***** * *********** ** '********* *** **** ***' *** '********* ** *****', **** ** ****** ******* ****** **** *** ************ *** number. **** ** *** **** ***** *** ****, ** ************ finder ****** *** ** ** **** ****** ****** **** **** know * ****, ***** ** ***** **** ** *** ****.

******* *********** ********** ****** *** **** *********, ** ** **** common ** *** *********** ** ***** ************* ******* **** **'********* *** **** **' ** *** ****** **************.

***** ******: **** ******** ******** ** **** ****** ***** ** **********, three ******* *** ********. **** ***** **** ** * *********** of **********, *** *****, *** ****** ******* ***********, *** ****** significantly **** ****** ** ********* *** ****** **** ****** '****** factor' **************.


** * ****** ** **** **** *** **** ** *** this ***** ** **************, ** ** **** ** ******** **************, military, *** ******** ********** *** *** ********* *** ********** ***-*****.

**** ******: *** ******* ***** ** ************** ** ***** **** ** military *** ***** ********* *********, ***** ****** *********** *** **** in *********** **** *** ***** *******. ******* **** ******* ***** the **** **** *** ** *** **** ***** *********, ** typically ** *** ******** ****** *** ******** **** ** **** high *** ******** ******** ** *********.


Multi-Factor ************

**** ***** ****** '****** ******' ************** ** **** ******, *** multiple ******* *** ******** ******** ** ******* ************* ******* ** access *******. **** ***** ******** ********:

  • ATM ********: Not only are debit cards required to be swiped, but PIN numbers are required every time a cash transaction takes place at one of these machines.
  • ******: ********** **** ****** *****, *****, ** *** ***** ******* takes ********* ** ********* '********* *** ****' *** ********* '********* *** ****' ** ******* ****** **********.

**** ** ***** ** ******** ******, *********** **** * ***** role. **** ** ***** ** ******** ***********, ******** ******* *** required.

Single ****** ***** **** ******

* ******** ** ********** ****** ******* ******* *** '****** ******' authentication, *** **** ** ********** *** *** *********** ******** ** most ***-*****. *** ****** ********** **** ** **** ** **** to *** ******** ** *** ******, *** *** ****** ******** (ie: *******, *****) ** ****** ******* **** ******.

*** *********** *** ******* *** **** ****** '****** ******' **********. No ***** ************ ** *** ****** ** ******** **** *** key *** **** ******. ***** ********* ******** ** ****-**** ********** access ***********, ********** **** ***** ******* ** ******** '***** *****' of ******** *** **** ******** ** **********.

*** ***** *******, ***** ******** ******* ** ****** ******** ***** be ********** ******. ******* ******* ********** ***** ****** *** **** expensive, *** ****** ****** ************ ***** ** ******** *** ****** justified ******* ******** *************, ****** ****** ******* *** ******** ****** used.

Comments (15)

****** **** *** ** **** ** ***** ****** **************. ** some ******, ** **** ** ***** * ******* (*** * persons) ** ******* ********** ** ******** **** ***** ** ****** to ****** * ****, *** ******* *** ** ***. **** remain ****** ** *** ** **** **** *** *******, ** outside *** ******** **** *****.

*** ******* ************ ****** **************** ******* ** ********** * *** ******* ** ******. ********* for ****** ****** ******* ****** ** ****** **** ***** ******'* credentials.

******* *****, **** ***** * ****** **** ** * ***** & ****** ***** *** *** ********* ****** **** ********* ** the **** ******* *** *** ** *** ****, ** **** considered * ***** *** ********* *********? ** ** ** ******** an ********** ********* ****, *.*.,********* *** *****...

*********** ********.*********** ** ********** * *********, ** ***** ** ****.

****** **** (**** **** '**' ** ** **********) *** ***** checks **** ********* ** *** **** ** *** ****, ** is ** ***** * ***-****** *****: *** - *** **** the ****, *** *** - *** '***' *** ****** *** was ****** *** **** (********* ** **** *********).

** *** ****, *********** ** * **** *********, ***** ** can ****** ** *******. *** **** ** ***** *** * finite ********** ****** *** ************. *** **** ****, *** ** appears ** ************ ****** **** ****. *** *** * ***** something **** * ** **** *** ***** **** ********* ****** if * ** **** *** *****, ** *********** *** ************* that ***** ********** ** ***.

*********** ** * **** *********, ***** ** *** ****** ** spoofed.

*** ***** *** *** **** ***** **** ** ** **** the ****** ********-********* ********* *** ******** * *****, **** * very ******* *********, ******* **** ****** *. ******* ******* ** the ********* *** ** **** ****. ***** **** *** * breeze ** ********* * ********** ****** **** **** **** ******* purchases ** ******** **** *** ***** *** ********** *** ********* validation ********** ***********...

** ***** ******* ******* **** **** * '***** ***** ******' panic ******? **** *** ******, **** *** *** ***** **** or *********? :)

*.*. * ***'* **** ***** *** *** * ** * 'warm *****'...

** *** *** *** ********** ** ****** ********* ** *** facility. ********* *** *** ** ** ******* ***** ******** *** search **** *** *** ***** ***** ************. ****** **** ********* through *** ** *** ***** ****** **** *********, *** *** identifies *** ***** *** **** ***** *** *** ***** ***** print *** ************.

******** *** *** ****** *** ********* (*** ***** ** ***** up *********** *** ************) ** * **** *****, **, *** something * ****** **** *** ********** ******. * **** ******** on *** ******* ** *** ********* ************ ** *** **** about ***** *********.

**** ** ****** '************ ****' *** **** ********* *******.

******** *******'* ******** *********** ********** ** ***********, ***** *** **** ****** ******** **** *** fingerprint ******** *** ********** ****. *** **** ***** * ***** to **** *** ********** **** *** ******, *** *** ****** does *** ******** **** *** *********** ** *** ****** ****** unless *** *********** **** ******* *** *** ********** **** *** card.

*** **** **** ** ***** ** *** ******** ******, *** the ***** ******* *** *** ****** ***** *** ***** *********** are *****.

*** *******, ** **** ****** **** * **** ****** **** had * **** ***** *** **** ****** ***** *** ****** active ***** *** **** ** **** + *** *** ******* AND *******.

**** ***, *** ***'* **** ******* ****** ** "****" *** biometric ****. *** ***** **** ** ***** *** **** ** card + *** *****.

***** *** **** ***** ***** **** "********" ** **** ** retnia ****** ** ******* ** * ********* ******* ***** **** was * "********" **** *** ******** ** ********* **** ****. Having *** ********** ******* ***** ******* ** ***** *** ****** requiring **** ***** ** ** *****...

*** ***** *** **** ******** ****, **** *** *** ********** authentication? ****** **** *** *** **** ***********. * ***** ** should ***** ******** ***.

**** ********! ***** *** ******* ******* *** ********* ***'* ****** a **** ******, **** ** **** ** * '*****-******' *****:

****: ********* ******* ***** **** ****. ********* **** * ***** fingerprint ** ******** ******** ******* ***** ****. ****** ******** ******* a ****** **** ******* ****'* **** ******* **** **** *** waiting, *** ***** ******* *** ** ******.

********: ******** * *********** ****** ******* *** ** **** ****** summer, *** **** *** ******* ** **** *** ***, *** might **** ************ ********** ** *** ***** ****** ** **** off ****** ****** ** *** ** *** ****. *************, ***** problems ******** ************************** **. ***** *** ***** ******* ***, **** ***** *****, iris ******** ****** *** ***, *** ** **.

*******: **** ****** *** **** ******** ************* **** ********* ********. Some ***** ****** ** '******** ******* ***** ******'. ** *** disagree *** ***** **'* *****, *** *** ******** ** **** with ********** **** ***** ********** ******* *** ******* *********.

**********: ****, *** ******** ** ******* '********' ** ********* *******. For *******, **** *** *** ******* ****** *** ****** * fingerprint *** ** ****. ** **** ******* ** ** ********* choice *** *** *****, *** ** **...

** *** ********** *** ******* *******. *********** ********** *** ** "easily" ******. **, ** *** *** **** ** ****** * "gummy" *********** (****** **...) **** * ****** *****, **** *** have ******. **** ** *** *** **** * ****** ******.

******* ******* ***** ** ******* ******* ** *** ***** ****** on *** *******.

*** ***********, ****** * ****** **** ******* * ***** ******* that ** ** * **** ******, *** *** * **** or *********.

****** * *** **** ******* ******** ****** *** * ***** or ****** **********. ****** ** * ***** ** ******* *** trips * ****** ***** ********** * ******** ******* ******** *** intruder ***********...

* ** ******** ** *** ******* ***** **** ** ***** community, ***** *** **** **** **** **** ** ** ** enter *** *****. ********* ******* **** *** ***** **** ** include **** **** ** ********** *** *** ** ***** ***** residence.

** *** ***** ** ** ****** * ****** ** * facility **** *** * ******** ******* ** *** **** *** would ****** *** ***** ** *** *** ***** *** ***, then *** *** *** * ****** *** *** ***. * layers ******* *********.

* **** * ****'* **** ** **** *** **** *****, but **** ** ***** *** *******. *'** **** *** ***** readings *** *'* ******* **** ****** ***** ** ****** *********** as * ********* ***********. **** * *** ** ******** ******* News, ****** * *********** * ***** ********* ** *****(*** *** **) *** * ********-**** ************ ****'* **** ** a ****** ******* ******** ** **** ** *** *** ******** seemed ** **** ********* **** *** *** * ******* *** for * ****** *** ****'* **** ** ******** ** ***** a ********** ** ********** ***** ** ***** ***** ***, ***...


*******, * *** **** ** ******* *****, *** * ***'* see ****** ***********--** ********** ** *******--****** ***. *** ****** ********** any **** ** ****** ***********?

******!

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

ZKAccess Company Profile and Higher Margin Guarantee Examined on Aug 30, 2016
A budget access manufacturer has entered the North American market, but it is not Hikvision or Dahua. This player, ZKAccess, has recently set up...
Genetec Access Control Security Center 5.5 Release on Aug 26, 2016
Inside, we examine Genetec's new Access Control features in Security Center 5.5. Enhanced Active Directory and 'Universal Groups' New, Single...
Tailgating - Access Control Tutorial on Aug 25, 2016
Despite costing thousands of dollars per door, electronic access control systems are vulnerable to an easy exploit called 'tailgating'. Unless this...
Service / Maintenance Contracts Guide And Downloadable Sample Agreement on Aug 18, 2016
This guide provides in-depth recommendations for service / maintenance and a sample service agreement that integrators can edit and customize for...
Hotel Access Control Explained on Aug 17, 2016
Hotel access control seems to work magically. Unlike electronic access control systems used in commercial security, doors in hotels are not...
Cameras Mounted On Poles Primer on Aug 15, 2016
Poles are a popular but challenging choice for deploying surveillance cameras. Poles are indispensable for putting cameras at the right height to...
Building Occupancy Codes and Access Control Tutorial on Aug 11, 2016
A building or room's classification can greatly impact which building codes must be followed. In terms of access control, these 'occupancy codes'...
Bosch Intrusion Detection Profile on Aug 10, 2016
This is a first in a new IPVM series profiling intrusion detection / alarm offerings. In this series, starting with Bosch, we examine: Key...
Chinese Spam Access Control Is Here on Aug 04, 2016
Notorious spammers like Longse, Cantonk, and Wodsee have flooded the video market with nuisance emails touting ultra low cost cameras for years,...
Ex-HID CEO Joins Feenics Cloud Access Startup on Aug 03, 2016
The CEO of access control's most well known manufacturer, HID, exited just over a year ago. Since that time, Denis Hébert has stayed active as the...

Most Recent Industry Reports

ZKAccess Company Profile and Higher Margin Guarantee Examined on Aug 30, 2016
A budget access manufacturer has entered the North American market, but it is not Hikvision or Dahua. This player, ZKAccess, has recently set up...
DW Races Hikvision To The Bottom on Aug 30, 2016
20% across the board price cuts are so last week. Literally. Days after Hikvision concluded its second 20% across the board price cut in a month,...
Ex-Dahua VP's Company, Videopark, Examined on Aug 30, 2016
An ex-Dahua VP formed Videopark in 2009 and has since recruited many engineers from both Dahua and Hikvision. US sales manager Kevin Zhou...
US Embassy Requires Hikvision Cameras on Aug 29, 2016
The US Embassy in Kabul Afghanistan has required only Hikvision cameras in a new US federal government bid. However: Hikvision was founded...
Axis Hosted Video Decade of Failure on Aug 29, 2016
Do you want to 'head up' Axis hosted video offerings? Axis almost never publicly promotes senior positions, but for such an unattractive job they...
Hikvision Chinese Government Origin on Aug 29, 2016
Hikvision originated from a Chinese government research institute. This is uncommon in the West but frequent in China. Hikvision was founded...
ONVIF Profile G Video Storage Test on Aug 26, 2016
A standard to retrieve video stored on 3rd party devices. This is the aim of ONVIF Profile G. The proprietary nature of accessing recorded video...
Viakoo Health Monitoring Examined on Aug 26, 2016
Viakoo, the company of ex-Intransa leaders, says they have created a monitoring tool for security networks that is easy to deploy and offers...
Genetec Access Control Security Center 5.5 Release on Aug 26, 2016
Inside, we examine Genetec's new Access Control features in Security Center 5.5. Enhanced Active Directory and 'Universal Groups' New, Single...
Tailgating - Access Control Tutorial on Aug 25, 2016
Despite costing thousands of dollars per door, electronic access control systems are vulnerable to an easy exploit called 'tailgating'. Unless this...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact