Information Categories for Authentication
Knowledge Factors
These include information that the user knows, for example:
- Passwords
- One-time passcodes (OTPs)
- Answers to security questions
- Personal identification numbers (PINs)
Advantage: Easy to implement.
Disadvantage: Users can forget the information or it can be stolen.
Possession Factors
These include objects that the user possesses:
- Key fobs
- Smart cards
- Mobile devices
- Hardware tokens
Advantage: Cannot be stolen remotely.
Disadvantage: An alternative is required in case of defect or loss.
Inherence Factors
These refer to physical or behavioral characteristics of the user:
- Fingerprint
- Voice recognition
- Iris scan
- Facial recognition
- Handwriting
Advantage: Cannot be forgotten.
Disadvantage: May only work with specific devices.
Authentication Methods
There are various methods and technologies for authenticating users. Two objectives must be balanced: on the one hand, sensitive data should be protected as effectively as possible; on the other hand, user-friendliness matters, since users should not have to overcome unnecessary hurdles.
The most common methods include:
- Single-Factor Authentication (SFA): Only a single factor is used here.
- Two-Factor Authentication (2FA): This method combines two factors from different categories.
- Multi-Factor Authentication (MFA): The user must use multiple factors to identify themselves. This further increases security.
- Passwordless: Methods that do not require passwords to confirm identity.
- Risk-based: Verification is performed based on a risk analysis that grants or denies access depending on the determined risk.
- Certificate-based: A digital certificate ties the user's identity to a key pair; the user proves possession of the corresponding private key to verify their identity.
- Token-based: Users receive a token after verification that allows access to specific resources for a limited time.
- Single Sign-On (SSO): Here, users can log in to multiple applications and services with a single set of credentials.
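As an added example (not code from the original page or from any particular product), the following Python sketch shows how three of the items above fit together in practice: a knowledge factor (a password, stored only as a salted PBKDF2 hash), a one-time passcode generated from a shared secret (TOTP per RFC 6238, built on HOTP per RFC 4226) as the second factor of a 2FA login, and a token-based session in which the server issues an HMAC-signed, time-limited token after both factors check out. The user record layout, the token format, the iteration count and the sample secret and key are assumptions made for this example; only the HOTP/TOTP arithmetic follows a standard.

```python
import base64
import binascii
import hashlib
import hmac
import json
import os
import secrets
import struct
import time
from typing import Optional

# Constructed parameters for this example; a real deployment chooses its own.
PBKDF2_ITERATIONS = 600_000   # PBKDF2-HMAC-SHA256 work factor (OWASP-recommended order of magnitude)
TOTP_STEP = 30                # seconds per TOTP time step (RFC 6238 default)
TOKEN_TTL = 900               # access token lifetime in seconds

# --- Knowledge factor: the password is stored only as a salted PBKDF2 hash ---
def hash_password(password: str, salt: Optional[bytes] = None) -> tuple:
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest

def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)   # constant-time comparison

# --- Second factor: time-based one-time passcode (RFC 6238 on top of RFC 4226 HOTP) ---
def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret: bytes, at: int) -> str:
    return hotp(secret, at // TOTP_STEP)

def match_totp(secret: bytes, code: str, at: int, window: int = 1) -> Optional[int]:
    """Return the time-step counter the code matches, or None. The window tolerates clock drift."""
    counter = at // TOTP_STEP
    for delta in range(-window, window + 1):
        if hmac.compare_digest(hotp(secret, counter + delta).encode(), code.encode()):
            return counter + delta
    return None

# --- Token-based access: HMAC-signed, time-limited bearer token (constructed format, not a standard) ---
def issue_token(key: bytes, subject: str, now: int) -> str:
    payload = json.dumps({"sub": subject, "exp": now + TOKEN_TTL}, separators=(",", ":")).encode()
    sig = hmac.new(key, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(payload).decode() + "." + base64.urlsafe_b64encode(sig).decode()

def verify_token(key: bytes, token: str, now: int) -> Optional[str]:
    """Return the subject of a valid, unexpired token, otherwise None."""
    try:
        payload_b64, sig_b64 = token.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except (ValueError, binascii.Error):
        return None
    if not hmac.compare_digest(sig, hmac.new(key, payload, hashlib.sha256).digest()):
        return None
    claims = json.loads(payload)
    return claims["sub"] if claims["exp"] > now else None

# --- Putting the factors together (user record layout is an assumption of this example) ---
def register(username: str, password: str, totp_secret: Optional[bytes] = None) -> dict:
    salt, digest = hash_password(password)
    return {"username": username, "salt": salt, "pw_hash": digest,
            "totp_secret": totp_secret or secrets.token_bytes(20),
            "last_totp_counter": -1}   # highest time step already accepted, to block replay

def login_2fa(user: dict, password: str, code: str, token_key: bytes,
              now: Optional[int] = None) -> Optional[str]:
    """Check both factors; on success mark the OTP time step as used and return an access token."""
    now = int(time.time()) if now is None else now
    if not verify_password(password, user["salt"], user["pw_hash"]):
        return None
    counter = match_totp(user["totp_secret"], code, now)
    if counter is None or counter <= user["last_totp_counter"]:
        return None   # wrong code, or a code that was already accepted once (replay)
    user["last_totp_counter"] = counter
    return issue_token(token_key, user["username"], now)

if __name__ == "__main__":
    user = register("alice", "correct horse battery staple")
    key = secrets.token_bytes(32)
    now = int(time.time())
    token = login_2fa(user, "correct horse battery staple", totp(user["totp_secret"], now), key, now)
    print("token subject:", verify_token(key, token, now))
```

Two details matter beyond the happy path: the server records the last accepted TOTP time step so a passcode that was already used cannot be replayed within its validity window, and the token carries an expiry that is checked on every use, so possession of the token grants access only for the limited time the "Token-based" item describes.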