When we talk about authentication, we mean different things. For example, in a high-security environment, we might say that we’re using Type 3 Authentication.
In this post, I’ll discuss the different types of multi-factor authentication and what they look like in practice.
Understanding Multi-factor Authentication
Multi-factor authentication is a type of security applied when accessing an account or an online asset where the user is required to verify their identity in at least two ways before they are able to sign in. This makes the sign in more secure than the traditional method, where you input one method of authentication, which is usually a password.
Most people manage more than two accounts at a time. Unfortunately, they tend to use passwords that they can remember with ease or the same password across multiple devices. These passwords are usually weak and easy to create, thereby putting several accounts at risk.
Multi-factor authentication adds a layer of security beyond the password that may only be known or accessed by the account owner. As it is hard for hackers to be in possession of all these, it is hard for them to access the account, even if they have the password.
What are the Factors of Authentication?
An authentication factor is a type or category of evidence that you have to present to prove that you are indeed the one that you have presented yourself to be. There are three types of factors, as explained below.
Knowledge Factor
The knowledge factor is the most basic factor of authentication. It is expected that you know the details of the account that you intend to open. Therefore, it will be asking you to provide your username and password.
You may also be asked to provide an answer to a security question that you selected during the opening of the account. The security question can be anything from your favourite colour to the elementary school where you studied. Unfortunately, people may deduce the answer if they know your background or deduce in a normal conversation.
Another example of authentication based on something that you know is a personal identification number (PIN). PINs are used on ATMs, to unlock SIM cards, and various online accounts.
Possession Factor
The possession factor, or something you have, requires you to provide evidence that you are in possession of a physical item such as a FID02 security key, Hardware OTP token, a smart card, mobile device, or SIM card.
Since most online criminals access accounts online, it is hard for them to access the physical hardware. While a swapping attack can access the physical item or it can be stolen, it is a lot harder than cracking a username and password.
An example of a possession factor in use is the passcode authentication method for most social media and email accounts. It seeks to establish whether you’re in the position of the SIM card registered to the account.
Inherence Factor
The inherence factor is the most robust of the three authentication factors. It seeks to confirm if the people presenting any of the two other authentication factors are indeed the owners of the accounts in question by asking them to present their unique features. Some of the inherent factors include retina pattern scan, fingerprint scan, voice recognition, and facial recognition. Most accounts that use this factor combine it with the other two.
What is Type 3 Authentication?
Type 3 authentication is identity confirmation based on inherence factors. These biometric factors are unique to an individual. Therefore, when set at the opening of the account, they cannot be guessed or replicated. This is what makes it very secure. Unfortunately, once such factors are breached, they cannot be replaced as in the case with the other two factors.
This type of authentication is becoming popular across various electronic devices such as smartphones and laptops. Most of these devices have the capability for using one to three of these inherence-based factors along with other two. However, it is important to set at least one of the other two factors to act as back up should the inherence-based method fails. The failure can be as a result of scanner damage or a problem with the feature used as such having cuts on the finger you used to set the fingerprint method.
