14-09-2017, 03:59 PM
User authentication is the process of verifying the identity of a user to grant access to data and services. Traditional authentication is based on passwords, but it is too clear that it is no longer an acceptable solution. On the one hand, advances in technology have made it much easier to crack even a difficult password. On the other hand, the large number of accounts that an individual must manage has grown to the point where most people can not remember a different long and complex password for each account.
For example:
• More than two-thirds of Internet users have forgotten a long or complex password at least once in the past two years
• 37% have had to ask for help with an online username or password at least once a month
A better solution is needed that provides greater security while making it easier for legitimate users to access their accounts.
Multifactor Authentication
User authentication requires verification of identity through multiple credentials. Three types of authentication factors can be used:
• Factor of knowledge: something you know (for example, password)
• Possession factor: something you have (for example, smart card)
• Inheritance factor: something that you are (eg, biometrics)
For stronger authentication, multiple factors can be combined. For example, to get cash at an ATM, you must have a card and enter a PIN. Similarly, many online services require you to enter a code sent to a hardware token after entering your user name and password. Both are examples of the first two factors. However, such multi-factor authentication is often complicated and inconvenient, and neither of the first two factors verifies the physical presence of the authorized user: a requirement increasingly required by both the services and their users. Secure multi-factor authentication must always require the presence of the user, therefore, the factor of inherence. It has been perceived that the presence of the user provides the highest level of safety, as indicated, for example, by UK government identification guidelines. An inherent factor with vividness detection would provide the required verification of user presence.
An ideal solution should not require the memorisation of passwords or codes, nor should it require the transport of any special hardware devices. Such an ideal solution is already possible, since most people today carry a mobile phone. Combined with biometrics, a mobile authenticator offers a powerful authentication solution that is strong and convenient, and ensures that the user is truly present.
For example:
• More than two-thirds of Internet users have forgotten a long or complex password at least once in the past two years
• 37% have had to ask for help with an online username or password at least once a month
A better solution is needed that provides greater security while making it easier for legitimate users to access their accounts.
Multifactor Authentication
User authentication requires verification of identity through multiple credentials. Three types of authentication factors can be used:
• Factor of knowledge: something you know (for example, password)
• Possession factor: something you have (for example, smart card)
• Inheritance factor: something that you are (eg, biometrics)
For stronger authentication, multiple factors can be combined. For example, to get cash at an ATM, you must have a card and enter a PIN. Similarly, many online services require you to enter a code sent to a hardware token after entering your user name and password. Both are examples of the first two factors. However, such multi-factor authentication is often complicated and inconvenient, and neither of the first two factors verifies the physical presence of the authorized user: a requirement increasingly required by both the services and their users. Secure multi-factor authentication must always require the presence of the user, therefore, the factor of inherence. It has been perceived that the presence of the user provides the highest level of safety, as indicated, for example, by UK government identification guidelines. An inherent factor with vividness detection would provide the required verification of user presence.
An ideal solution should not require the memorisation of passwords or codes, nor should it require the transport of any special hardware devices. Such an ideal solution is already possible, since most people today carry a mobile phone. Combined with biometrics, a mobile authenticator offers a powerful authentication solution that is strong and convenient, and ensures that the user is truly present.