Adam works as a Security Analyst for Umbrella Inc. CEO of the company ordered him to implement
two-factor authentication for the employees to access their networks. He has told him that he would
like to use some type of hardware device in tandem with a security or identifying pin number. Adam
decides to implement smart cards but they are not cost effective. Which of the following types of
hardware devices will Adam use to implement two-factor authentication?
A.
Biometric device
B.
One Time Password
C.
Proximity cards
D.
Security token
Explanation:
Security token can be a physical device that an authorized user of computer services is
given to ease authentication. The term may also refer
to software tokens. Security tokens are used to prove one’s identity electronically (as in the case of a
customer trying to access his bank
account). The token is used in addition to or in place of a password to prove that the customer is
who he claims to be. The token acts like an
electronic key to access something.
Answer option A is incorrect. A biometric device is used for uniquely recognizing humans based
upon one or more intrinsic physical or
behavioral traits. Biometrics is used as a form of identity access management and access control. It is
also used to identify individuals in
groups that are under surveillance. Biometric characteristics can be divided into two main classes:
1.Physiological: These devices are related to the shape of the body. But these are not limited to
fingerprint, face recognition, DNA, hand
and palm geometry, iris recognition, which has largely replaced retina, and odor/scent.
2.Behavioral: These are related to the behavior of a person. But they are not limited to typing
rhythm, gait, and voice.Answer option C is incorrect. Proximity card (or Prox Card) is a generic name for contactless
integrated circuit devices used for security
access or payment systems. It can refer to the older 125 kHz devices or the newer 13.56 MHz
contactless RFID cards, most commonly
known as contactless smartcards.
Modern proximity cards are covered by the ISO/IEC 14443 (Proximity Card) standard. There is also a
related ISO/IEC 15693 (Vicinity
Card) standard. Proximity cards are powered by resonant energy transfer and have a range of 0-3
inches in most instances. The user
will usually be able to leave the card inside a wallet or purse. The price of the cards is also low,
usually US$2-$5, allowing them to be
used in applications such as identification cards, keycards, payment cards and public transit fare
cards.
Answer option B is incorrect. A one-time password (OTP) is a password that is only valid for a single
login session or transaction. OTP
avoid a number of shortcomings that are associated with traditional (static) passwords. The most
important shortcoming that is
addressed by OTP is that, in contrast to static passwords, they are not vulnerable to replay attacks.
This means that, if a potential
intruder manages to record an OTP that was already used to log into a service or to conduct a
transaction, he will not be able to abuse
it since it will be no longer valid. OTP cannot be memorized by human beings. Therefore they require
additional technology in order to
work.