Four-factor authentication (4FA)
Four-factor authentication (4FA) is the use of four types of identity-confirming credentials, typically categorized as knowledge, possession, inherence and location factors.
Four-factor authentication is a newer security paradigm than two-factor or three-factor authentication. Four-factor systems are sometimes used in businesses and government agencies that require extremely high security. Each additional category of authentication factor makes it increasingly unlikely that an attacker can fake or steal all of the elements involved.
- Knowledge factors include all things a user must know in order to log in, such as a user name and password or personal identification number (PIN).
- Possession factors include anything a user must have in their possession to log in, such as a one-time password token (OTP token) or a smartphone with an OTP app.
- Inherence factors include biometric user data that are confirmed for login, such as iris scans, fingerprint scans and voice recognition.
User location is sometimes considered a fourth factor for authentication. The ubiquity of smartphones can help ease the burden: most smartphones have a GPS device, which allows the login location to be confirmed with reasonable assurance. Lower-assurance measures might be the MAC address of the login point or physical presence verification through cards, for example.
Sometimes time is considered a fourth or fifth factor. Verification of employee IDs against work schedules, for example, can prevent some kinds of user hijacking attacks. An American bank customer can't physically use his ATM card at home and then in Russia within 15 minutes. Because time could be used as a distinct confirming category, it may eventually be considered a separate factor, which could make five-factor authentication (5FA) a possibility.
The use of at least one element of each of the four factor categories is considered four-factor authentication. The application of four authentication elements out of two or three categories counts as two- or three-factor authentication, respectively.
The reliability of authentication depends not only on the number of factors involved but also on how they are implemented. Options selected for authentication rules greatly affect the security of each factor. Lax rules and implementations result in weaker security.
Care must be taken, on the other hand, not to overburden users with difficult authentication routines, not only out of consideration for users but for security as well. Throughout IT history, users have always found ways of subverting rules for easier logins. Often, these efforts result in lowered security.
==================================================
In addition to this blog, I have authored the premiere book on Netiquette, "Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email". You can view my profile, reviews of the book and content excerpts at:
www.amazon.com/author/paulbabicki
If you would like to listen to experts in all aspects of Netiquette and communication, try my radio show on BlogtalkRadio and an online newsletter via paper.li. I have established Netiquette discussion groups with LinkedIn and Yahoo. I am also a member of the International Business Etiquette and Protocol Group and Minding Manners among others. I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts and I have been contributing to the blogs Everything Email and emailmonday. My work has appeared in numerous publications and I have presented to groups such as The Breakfast Club of NJ Rider University and PSG of Mercer County New Jersey.