mailing list archives
Multi-Factor Authentication Concern
From: jsewell () jsewell com
Date: 10 Aug 2007 15:21:32 -0000
I'm having an argument with someone at work about multi-factor authentication. We'll call him Bob.
Bob claims that in a multi-factor authentication system, the factors don't need to identify the same person. In other
words, Bob thinks it's perfectly OK for the door to the data-center to open when Jim badges in, Mike scans his retina,
and Sally enters a her PIN.
This is obviously wrong. Bob says "prove it". So I've scoured the net and books for something that describes
multi-factor authentication as requiring that all factors identify the same person. So far, I can't find anything.
Is it so obvious that nobody has bothered to write it down, or am I wrong in my thinking?
- Multi-Factor Authentication Concern jsewell (Aug 10)