This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
dido:public:s_cli:05_contents:02_prt:identity:01_problem:start [2021/06/24 17:06] nick |
dido:public:s_cli:05_contents:02_prt:identity:01_problem:start [2021/08/17 13:41] (current) murphy |
||
|---|---|---|---|
| Line 17: | Line 17: | ||
| )): | )): | ||
| - | * **Knowledge Factors** include all things users must know in order to log in to gain access to a system. This includes Usernames, IDs (i.e., Passport or Driver's license numbers), passwords, and personal identification numbers (PINs), answers to security questions(i.e., your favorite sport), or information derived from [[dido:public:ra:xapend:xapend.a_glossary:p:pii]] (i.e., mother's maiden name, oldest child's middle name). See [[dido:public:ra:xapend:xapend.a_glossary:c:securityculture]] | + | * **[[dido:public:ra:xapend:xapend.a_glossary:k:knowledge_factor]]** include all things users must know in order to log in to gain access to a system. This includes Usernames, IDs (i.e., Passport or Driver's license numbers), [[dido:public:ra:xapend:xapend.a_glossary:p:password | passwords]], and personal identification numbers (PINs), answers to security questions(i.e., your favorite sport), or information derived from [[dido:public:ra:xapend:xapend.a_glossary:p:pii]] (i.e., mother's maiden name, oldest child's middle name). See [[dido:public:ra:xapend:xapend.a_glossary:c:securityculture]] |
| - | * **Possession Factors** consist of things users must have in their possession in order to log in. This includes [[dido:public:ra:xapend:xapend.a_glossary:o:otp]] tokens, key fobs, smartphone apps, and employee ID using [[dido:public:ra:xapend:xapend.a_glossary:s:smart_card | Smart Cards]] and [[dido:public:ra:xapend:xapend.a_glossary:e:emv]]. These all work well until those things go missing as a result of negligence, lost baggage, direct or indirect theft. Direct theft is when the Possession Factor is taken directly (i.e., the intent of the theft), indirect is when the Possession Factor is taken collaterally (i.e., handbag theft). Additionally, any changes in computers, networks due to upgrades etc. would change the Possession profile for the individual. See [[dido:public:ra:xapend:xapend.a_glossary:p:physicalsecurity]]. | + | * **[[dido:public:ra:xapend:xapend.a_glossary:p:possession_factor]]** consist of things users must have in their possession in order to log in. This includes [[dido:public:ra:xapend:xapend.a_glossary:o:otp]] tokens, key fobs, smartphone apps, and employee ID using [[dido:public:ra:xapend:xapend.a_glossary:s:smart_card | Smart Cards]] and [[dido:public:ra:xapend:xapend.a_glossary:e:emv]]. These all work well until those things go missing as a result of negligence, lost baggage, direct or indirect theft. Direct theft is when the Possession Factor is taken directly (i.e., the intent of the theft), indirect is when the Possession Factor is taken collaterally (i.e., handbag theft). Additionally, any changes in computers, networks due to upgrades, etc. would change the Possession profile for the individual. See [[dido:public:ra:xapend:xapend.a_glossary:p:physicalsecurity]]. |
| - | * **Inherence Factors** include characteristics inherent to individuals confirming their identity. This includes the scope of biometrics, such as retina scans, fingerprint scans, facial recognition, and voice authentication. | + | * **[[dido:public:ra:xapend:xapend.a_glossary:i:inherence_factors]]** include characteristics inherent to individuals confirming their identity. This includes the scope of biometrics, such as retina scans, fingerprint scans, facial recognition, and voice authentication. |
| - | MFA can use other attributes in combination with the other authentication factors about any transaction: | + | MFA can use other attributes in combination with the other [[dido:public:ra:xapend:xapend.a_glossary:a:authentication|authentication]] factors about any transaction: |
| - | * **Location Factors** include using the user's current geographic location as determined by Global Positioning System (GPS) or using mobile device radio tower triangulation. Location Factors are generally not used as a sole source of identification but are used in combination with other identifying factors such as Knowledge, Possession, or Inherence. For example, an attempt is made to sign-on to a site using the user's user id and password but is doing so from a different location. The server rejects the sign-on because it uses the combination of the user/password and location to confirm the identity of the user. | + | * **[[dido:public:ra:xapend:xapend.a_glossary:l:location_factor]]** include using the user's current geographic location as determined by Global Positioning System (GPS) or using mobile device radio tower triangulation. Location Factors are generally not used as a sole source of [[dido:public:ra:xapend:xapend.a_glossary:i:identification|identification]] but are used in combination with other identifying factors such as Knowledge, Possession, or Inherence. For example, an attempt is made to sign-on to a site using the user's user id and [[dido:public:ra:xapend:xapend.a_glossary:p:password]] but is doing so from a different location. The [[dido:public:ra:xapend:xapend.a_glossary:s:server|server]] rejects the sign-on because it uses the combination of the user/password and location to confirm the identity of the user. |
| - | * **Time Factors** includes using the time of a transaction to help verify the identity of the user. Time, as with Location, is not by itself to determine the identity of a user, but adding it with location is a powerful tool. For example, two transactions are requested about an hour about and in geographic locations that would take more than an hour to travel between the two locations. Also, it is known based on a person's history, they never perform transactions during normal working hours or after 11:00 pm local time. Another use of time is the notification by the user of travel schedule including date, times, and location. Transactions requested outside the schedule are rejected. | + | * **[[dido:public:ra:xapend:xapend.a_glossary:t:time_factor]]** includes using the time of a transaction to help verify the identity of the user. Time, as with Location, is not by itself to determine the identity of a user, but adding it with location is a powerful tool. For example, two transactions are requested about an hour about and in geographic locations that would take more than an hour to travel between the two locations. Also, it is known based on a person's history, they never perform transactions during normal working hours or after 11:00 pm local time. Another use of time is the notification by the user of travel schedule including date, times, and location. Transactions requested outside the schedule are rejected. |