Multifactor Authentication - CompTIA Security+ SY0-701 - 4.6
Authentication Factors Explained
Overview of Authentication Factors
- When logging into a website, common methods include using a username and password, often supplemented by additional security measures like mobile apps or GPS location.
- Authentication factors can be categorized as something you know, something you have, something you are, or somewhere you are.
Something You Know
- The most prevalent authentication factor is "something you know," typically referring to passwords that users memorize.
- Personal Identification Numbers (PINs), such as those used at ATMs, exemplify this category since they are not written down and only known to the user.
- Unlock patterns on mobile devices also fall under this category as they require specific knowledge unique to the user.
Something You Have
- "Something you have" includes physical items like smart cards that may require a PIN for access.
- USB security keys serve as another example; these contain certificates unique to the user and must be physically present for authentication.
- Hardware tokens generate randomized numbers for login verification, while software tokens on mobile phones provide similar functionality without needing an extra device.
Something You Are
- Biometric authentication represents "something you are," utilizing unique personal traits like fingerprints or voiceprints for identification.
- This method stores a mathematical representation of the biometric rather than an actual image, and the biometric itself is difficult to alter once established.
- Due to potential circumvention issues with biometrics, it's advisable to use them alongside other authentication factors.
Somewhere You Are
- Location-based authentication ("somewhere you are") leverages mobile devices' ability to determine geographic locations during login attempts.