The 5 Factors of Authentication

The word "Authenticate" means (1) to prove that something is real, true, or what people say it is, or (2) to prove that someone is a particular person. Thus, authentication is the process of identifying and validating users (i.e. determining whether someone or something is, in fact, who or what it declares itself to be). Authentication forms one of the first steps of access control. In this post, we shall learn the 5 factors of authentication.



Factor #1: Something you know: The something you know factor is the most common factor used and can be a password or a simple personal identification number (PIN). However, it is easy to crack passwords.




That is why, when using passwords, it is important to use strong passwords. A strong password has a mixture of upper case, lower case, numbers, and special characters. We often come across applications that require user passwords to be at least eight characters long. Many organizations require that administrator passwords be at least 15 characters long.

Factor #2: Something you have: This factor refers to information that you can (physically) carry with you. This can be an "RSA token ID", a "Smart card" in which a PIN verification chip is enclosed, or a "One Time Password (OTP)" that you must enter.



Factor #3: Something you are: Simply put, something you are is information that is in you: a characteristic that only you and no one else has. That includes, but is not limited to, your fingerprint or thumbprint, palm, hand print, retina, iris, voice and face.





Factor #4: Somewhere you are: This factor relates to security checks based on a user's geo-location. When you configure your account, you might say that you live in the United States. If someone tries to log in to your account from an IP address located in Germany, the service will probably notify you, saying that a login attempt was made from a location different from yours. That is extremely useful to protect your account against hackers.





Factor #5: Something you do: Something you do is a type of authentication which proves identities by observing actions. These actions could be things like gestures or touches. Windows 8 users might know about a feature called Picture Password. This feature allows the user to set up gestures and touches on a picture as a way to authenticate themselves.


User authentication occurs within most human-to-computer interactions outside of guest accounts, automatically logged-in accounts and kiosk computer systems. During authentication, credentials provided by the user are compared to those on file in a database of authorized users' information either on the local operating system or through an authentication server. If the credentials match, and the authenticated entity is authorized to use the resource, the process is completed and the user is granted access. The permissions and folders returned define both the environment the user sees and the way he can interact with it, including hours of access and other rights such as the amount of resource storage space.
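The password rules from Factor #1 and the credential check described in the last paragraph, as an added example that is not part of the original post. It assumes the credential "on file" is a salted PBKDF2 hash rather than the password itself; the in-memory dictionary, the function names, the round count and the sample account are all constructed for illustration.

```python
import hashlib
import hmac
import os
import string

# Length minimums taken from the article: 8 for users, 15 for administrators.
MIN_LEN = {"user": 8, "admin": 15}
PBKDF2_ROUNDS = 200_000  # assumption: work factor picked for this example

def meets_policy(password: str, role: str = "user") -> bool:
    """Strong password per the article: upper, lower, number, special character."""
    classes = [
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ]
    return len(password) >= MIN_LEN[role] and all(classes)

def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

def enroll(db: dict, name: str, password: str, role: str, resources: set) -> None:
    """Put a salted hash on file, never the password itself."""
    if not meets_policy(password, role):
        raise ValueError("password does not meet policy")
    salt = os.urandom(16)
    db[name] = {"salt": salt, "hash": _derive(password, salt), "resources": set(resources)}

# Dummy record so an unknown username costs the same work as a known one.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _derive("constructed-dummy", _DUMMY_SALT)

def authenticate(db: dict, name: str, password: str) -> bool:
    """Compare the supplied credential with the one on file, in constant time."""
    rec = db.get(name)
    salt, stored = (rec["salt"], rec["hash"]) if rec else (_DUMMY_SALT, _DUMMY_HASH)
    matches = hmac.compare_digest(_derive(password, salt), stored)
    return matches and rec is not None

def grant_access(db: dict, name: str, password: str, resource: str) -> bool:
    """Access requires a credential match AND authorization for the resource."""
    return authenticate(db, name, password) and resource in db[name]["resources"]

if __name__ == "__main__":
    db = {}  # constructed in-memory stand-in for the user database
    enroll(db, "alice", "Tr1cky!pass", "user", {"reports"})
    print(grant_access(db, "alice", "Tr1cky!pass", "reports"))
    print(grant_access(db, "alice", "Tr1cky!pass", "payroll"))
```

The second call shows the distinction the paragraph draws: the credentials match, but the user is not authorized for that resource, so access is refused.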