Which of the following combinations represent a true multi-factor authentication mechanism?
A. password and PIN
B. password and token
C. PIN and token
D. token and fingerprint
E. fingerprint and retina scan
F. password and retina scan
Explanation:
Multi-factor authentication is the requirement of more than one form of proof of
identity, from more than one type (factor) of proof. The three main types of factors are:
* Human Factors (something you are), which includes biometrics such as retina
scans, fingerprints, etc.
* Personal Factors (something you know), such as passwords, PINs, etc.
* Technical Factors (something you have), for instance a smart card, token, etc.
A multi-factor authentication scheme must include at least one form of proof from at
least two of the above factor types. For instance, it could include the use of a smart
card and PIN, but not a password and PIN.
Note: Multi-factor authentication greatly reduces the risk of establishing a fraudulent
identity compared with a scheme that uses only one factor. It takes away the ability to
fraudulently authenticate by obtaining any single piece of technology or password secret.
One way to achieve multi-factor authentication without requiring additional proofs
from the user is to track which devices the user logs in from. The device can suffice as
something the user has, for instance a laptop computer. If the user logs in from a
different device, or the device is used for a different user, then additional
authentication challenges may be warranted.
Reference: Oracle Reference Architecture, Security, Release 3.1