Multi-Factor Authentication
A security system that requires more than one method of authentication from independent categories of credentials to certify the user’s identity
Authentication Factors
Knowledge-based Factor
Also known as Type 1 or “Something you Know” factor
Least Security, Cheapest Solution
e.g. Password, PIN
Possession-based Factor
Also known as Type 2 or “Something you Have” factor
e.g. Smart Card, Hardware Token (Key Fob), Software Token (OTP)
Inheritance-based Factor
Also known as Type 3 or “Something you Are” factor
High security, High Cost, Error Prone
Once compromised it cannot be replaced
e.g. Biometrics (Fingerprints, Facial, Iris Scan), Behavioral (Typing Style, Walking Style, Signature, Voice Recognition)
Location-based Factor
Also known as Type 4 or “Somewhere you Are” factor
e.g. IP Address Verification, GPS Tracking
Behaviour-based Factor
Also known as Type 5 or “Something you Do” factor
e.g. Keystroke Pattern, Mouse Movement
Passkeys
Users can create and access online accounts without needing to input a password
To log into a service the user must unlock their device using the authentication method they have set (e.g. biometrics)