The purpose of authentication is to make sure the person using or accessing data is someone who is allowed to do so. But safeguarding digital information can be difficult, and it has only become more difficult as our society has increasingly turned to electronic data storage.
Oftentimes today we may only see the person we’re working with face-to-face once in a while. So how do we make sure the right person (and ONLY the right person) has access to confidential information? The answer is multi-factor authentication.
Types of Authentication
There are three primary ways of authenticating a user:
1. Knowledge — The first type of authentication is based on information the user knows. This may be a password and/or a security question, for example.
2. Possession — The second type of authentication is based on something the user has in his or her possession. When a shopper makes an online purchase and is asked for the three-digit code on the back of their credit card, that is an example of this type of authentication. Visually checking an ID card is another example.
3. Inherent Factors — The third type of authentication is based on who someone is — a user’s fingerprints, retinal pattern or signature qualify as inherent factors. They are things that are unique and cannot easily be changed.
The more factors of authentication used, the more secure data can be. However, in order for a process to qualify as “two-factor authentication,” it must use two different types of authentication.
For example, asking someone for a PIN and also requiring them to answer a question would not qualify as two-factor authentication, since both methods of verifying identity are knowledge-based.
However, requiring a password as well as information from a physical object (such as a code sent to the user’s cell phone) would count as two-factor authentication because it uses both knowledge and possession to prove identity.
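The rule above can be checked mechanically when reviewing login policies. The following Python sketch is an added example, not part of the original article: it groups each method under the article's three types and flags policies that ask for two steps but only one type. The method labels, policy names and the choice to reject unclassified methods are assumptions made for illustration.

```python
from enum import Enum

class Factor(Enum):
    KNOWLEDGE = "knowledge"
    POSSESSION = "possession"
    INHERENT = "inherent"

# Hypothetical method labels; the grouping follows the article's three types.
METHOD_FACTOR = {
    "password": Factor.KNOWLEDGE,
    "pin": Factor.KNOWLEDGE,
    "security_question": Factor.KNOWLEDGE,
    "phone_code": Factor.POSSESSION,
    "card_security_code": Factor.POSSESSION,
    "id_card": Factor.POSSESSION,
    "fingerprint": Factor.INHERENT,
    "retinal_pattern": Factor.INHERENT,
    "signature": Factor.INHERENT,
}

def assess(methods):
    """Classify one login policy by the distinct factor types it uses."""
    if not methods:
        return "no authentication"
    unknown = sorted(m for m in methods if m not in METHOD_FACTOR)
    if unknown:
        # Assumption: fail closed, an unclassified method earns no credit.
        return "rejected: unclassified method " + ", ".join(unknown)
    factors = {METHOD_FACTOR[m] for m in methods}
    if len(factors) >= 2:
        return "multi-factor"
    if len(methods) >= 2:
        # Two prompts of the same type: looks stronger than it is.
        return "multi-step, single-factor"
    return "single-factor"

def audit(policies):
    """Map each policy name to its verdict."""
    return {name: assess(methods) for name, methods in policies.items()}

# Constructed sample policies for illustration.
POLICIES = {
    "hr_portal": ["pin", "security_question"],
    "payroll": ["password", "phone_code"],
    "wiki": ["password"],
    "vpn": ["password", "magic_link"],
}

if __name__ == "__main__":
    for name, verdict in audit(POLICIES).items():
        print(f"{name}: {verdict}")
```
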
In a world where we’re increasingly known for our online identities, authentication is a serious issue — something every executive should understand to protect both themselves and their companies.