Access Control and Identity Management

Authentication Factors

As described earlier in the chapter, an authentication factor is a way of confirming the identity of the subject. The three primary authentication factors are:

  • Something you know—Secret knowledge, such as a password
  • Something you have—A token or device
  • Something you are—Unique physical characteristics of a person, such as those that can be detected by a retinal or iris scan, fingerprint scan, or voice analysis

Most authentication systems rely solely on the first factor, implemented as a username and password combination. For access to highly sensitive data, you might combine the first two factors, requiring a token just to access the login screen, where the user would enter ...
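The combination of the first two factors can be sketched as follows. This is an added example, not code from the book: it assumes the token is a TOTP generator (RFC 6238) and the stored password is a PBKDF2 hash, and names such as `token_gate`, `login` and the `ALICE` record are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per token code (assumed; the RFC 6238 default)

def totp(secret: bytes, now: float, digits: int = 6) -> str:
    """Code shown by the token ("something you have") at time `now`."""
    counter = struct.pack(">Q", int(now // STEP))
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    """Slow salted hash of the secret ("something you know")."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def token_gate(secret: bytes, code: str, now: float, window: int = 1) -> bool:
    """Accept the code for the current step or one step either side (clock drift)."""
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(secret, now + drift * STEP)
        # Constant-time compare; no early exit, so timing does not leak the match.
        ok |= hmac.compare_digest(expected.encode(), code.encode())
    return ok

def login(record: dict, code: str, password: str, now: float) -> str:
    """Token first, then password: both factors must pass."""
    if not token_gate(record["totp_secret"], code, now):
        return "token rejected"  # the password is never evaluated
    candidate = hash_password(password, record["salt"])
    if not hmac.compare_digest(candidate, record["pw_hash"]):
        return "password rejected"
    return "authenticated"

# Constructed sample account; the secret is the RFC 6238 test key.
SECRET = b"12345678901234567890"
SALT = b"constructed-salt"
ALICE = {"totp_secret": SECRET, "salt": SALT,
         "pw_hash": hash_password("correct horse", SALT)}

if __name__ == "__main__":
    print(login(ALICE, totp(SECRET, 59), "correct horse", 59))
```

A production verifier would also record the last accepted time step per account so that a code cannot be replayed within its validity window.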
