Glass Class - When Passwords Aren't Enough


Video Transcript

Hi, welcome to another edition of Glass Class. My name's Michael and today we're going to be talking about multi-factor authentication. There are three factors of authentication to prove one's identity. First, we have knowledge, or something a user knows. This could be a password or a PIN code. Number two, we have possession, or something a user has. This could be an ID card or a fob key. Number three is inherence, or something a user is. This typically includes biometric data like a fingerprint or a retinal scan.

So, instead of just providing a challenge for a password, a user can also be challenged to present something they have, like an ID card. Or, in some cases, a one-time use code can be sent to a mobile device or email address (or even generated from a physical token) that they can provide during authentication. Obviously, devices can get stolen or misplaced, so that's why we have option three, inherence, something the user is, to alleviate some of these risks. So, instead of providing a token, a user can just simply scan their fingerprint.

Another approach is to use multi-factor authentication in a step-up fashion. Let's say, at a level one security level we have a name and phone number. So, if the user would authenticate to get this access, we may only ask for a password. Now let's say there's a level two with more sensitive data, like a credit card and social security number. So, we would probably want to authenticate with a password and a token or a fingerprint scan. The benefit of using step-up is that a user who's authenticated at level two gains access to data at level one, as well, without having to re-authenticate. As we can see, using multi-factor authentication can prevent unauthorized access to your data, so use it wisely.
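The step-up scheme described in the transcript can be sketched as an access check. This is an added example, not part of the original video or any product's code; the method names, field names and the `authorize` and `session_level` functions are assumptions made for illustration.

```python
from enum import Enum


class Factor(Enum):
    KNOWLEDGE = "knowledge"    # something the user knows
    POSSESSION = "possession"  # something the user has
    INHERENCE = "inherence"    # something the user is


# Assumed mapping of authentication methods to factor categories.
METHOD_FACTOR = {
    "password": Factor.KNOWLEDGE,
    "pin": Factor.KNOWLEDGE,
    "token": Factor.POSSESSION,
    "fingerprint": Factor.INHERENCE,
}

# Data fields and the level needed to read them, following the transcript.
FIELD_LEVEL = {"name": 1, "phone_number": 1, "credit_card": 2, "ssn": 2}


def session_level(methods):
    """0 = unauthenticated, 1 = password only,
    2 = password plus a possession or inherence factor."""
    if "password" not in methods:
        return 0
    factors = {METHOD_FACTOR[m] for m in methods if m in METHOD_FACTOR}
    if factors & {Factor.POSSESSION, Factor.INHERENCE}:
        return 2
    return 1  # password + PIN is still a single factor category


def authorize(methods, field):
    """Return ("allow", None) or ("step_up", methods that would satisfy it)."""
    have, need = session_level(methods), FIELD_LEVEL[field]
    if have >= need:
        return ("allow", None)  # a level-two session also covers level one
    if have == 0:
        return ("step_up", ["password"])
    # Only a factor from a different category raises the level.
    return ("step_up", sorted(m for m, f in METHOD_FACTOR.items()
                              if f is not Factor.KNOWLEDGE))
```

A session that presents a password and a PIN stays at level one here, because both are knowledge factors.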

