You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Use of second, different, factor type immediately after applying the first one, or when needed.

Factors

  1. Knowledge (password)
  2. Possession (ID card, security token, smartphone or other device).
  3. inherent (biometric, behavior)
  4. Location
  5. Time

Applications/scenarios

More secure authentication

Permission escalation

Elements

  • Physical devices and tokens, other client devices (sensors or mere USB port)
  • Infrastructure and software
    • Vetting, issuance, management, revocation
    • Actual authentication
  • Applications, services, authorisation (sometimes also in infrastructure)

Our scope

1st -  Password

2nd - Possession or inherence (what about knowledge from device-based out-of-band communication, software tokens, etc?)

  • No labels