Re: Multi-Factor Authentication Concern
From: Kevin Wilcox <kevin () tux appstate edu>
Date: Fri, 10 Aug 2007 13:11:59 -0400
jsewell () jsewell com wrote:
> I'm having an argument with someone at work about multi-factor
> authentication. We'll call him Bob.
> Bob claims that in a multi-factor authentication system, the factors
> don't need to identify the same person. In other words, Bob thinks
> it's perfectly OK for the door to the data-center to open when Jim
> badges in, Mike scans his retina, and Sally enters her PIN.
> This is obviously wrong. Bob says "prove it". So I've scoured the net
> and books for something that describes multi-factor authentication as
> requiring that all factors identify the same person. So far, I can't
> Is it so obvious that nobody has bothered to write it down, or am I
> wrong in my thinking?
Yes, it is so obvious that nobody has bothered to write it down.
Using your names, let's say all of those people are authorized to
get into the data centre. Mike watches Sally enter her PIN as they all
go in together one day. A few days later, he decides he wants to do
something horrid and blame it on Jim and Sally (childish hypothetical
situation but surprisingly not uncommon). Mike, being the nefarious
individual that he is, pockets Jim's badge and proceeds to the data
centre. He swipes Jim's badge, lets his retina get scanned, then enters
Sally's PIN. That completely defeats the purpose of multi-factor
authentication because it appears as if all three individuals are
attempting to gain entry into the data centre versus authenticating a
single person (note I didn't say it defeated the authentication, just
the purpose). To *properly* authenticate Mike the system should require
*he* scan his badge, *his* retina be scanned and *his* PIN be entered.
Just my $0.02.
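The distinction Kevin draws, between three valid factors from three people and three factors that all corroborate one identity, is easy to see in code. The verifier below is an added illustration and is not from the thread or any real access-control product; the enrolment records, badge and retina identifiers, PINs and the function names `verify_loose` and `verify_bound` are all constructed for the example. `verify_loose` implements Bob's reading (each factor only has to belong to some authorized person), `verify_bound` implements the reply's reading (the badge names a claimed principal and every other factor must belong to that same principal), and the mixed Jim/Mike/Sally attempt is run through both.

```python
import hmac
from dataclasses import dataclass
from typing import Optional

# Constructed enrolment data for the example. Each factor is enrolled against
# exactly one principal; a real deployment would store PIN hashes and
# biometric templates rather than these plaintext stand-ins.
BADGE_OWNER = {"BADGE-1001": "jim", "BADGE-1002": "mike", "BADGE-1003": "sally"}
RETINA_OWNER = {"RET-A": "jim", "RET-B": "mike", "RET-C": "sally"}
PIN_OF = {"jim": "4821", "mike": "7733", "sally": "1590"}
AUTHORIZED = {"jim", "mike", "sally"}   # everyone allowed into the data centre


@dataclass(frozen=True)
class Attempt:
    badge_id: str
    retina_id: str
    pin: str


@dataclass(frozen=True)
class Decision:
    granted: bool
    principal: Optional[str]   # who the system believes was authenticated
    reason: str


def _pin_matches(principal: str, pin: str) -> bool:
    # Constant-time comparison so the check does not leak PIN prefixes via timing.
    return hmac.compare_digest(PIN_OF[principal].encode(), pin.encode())


def verify_loose(attempt: Attempt) -> Decision:
    """Bob's reading of MFA: each factor only has to belong to *some*
    authorized person. Three factors, possibly three different people."""
    badge_owner = BADGE_OWNER.get(attempt.badge_id)
    retina_owner = RETINA_OWNER.get(attempt.retina_id)
    if badge_owner not in AUTHORIZED:
        return Decision(False, None, "unknown or unauthorized badge")
    if retina_owner not in AUTHORIZED:
        return Decision(False, None, "unknown or unauthorized retina")
    if not any(_pin_matches(p, attempt.pin) for p in AUTHORIZED):
        return Decision(False, None, "PIN matches no authorized user")
    # Granted, but the system cannot say who walked in: the audit trail
    # names up to three people for a single entry.
    return Decision(True, None, "all factors valid for some authorized user")


def verify_bound(attempt: Attempt) -> Decision:
    """Factors bound to one identity: the badge names a claimed principal and
    the remaining factors must corroborate that same claim."""
    claimed = BADGE_OWNER.get(attempt.badge_id)
    if claimed is None:
        return Decision(False, None, "unknown badge")
    if claimed not in AUTHORIZED:
        return Decision(False, claimed, "badge holder not authorized")
    retina_owner = RETINA_OWNER.get(attempt.retina_id)
    if retina_owner != claimed:
        return Decision(False, claimed, "retina does not belong to badge holder")
    if not _pin_matches(claimed, attempt.pin):
        return Decision(False, claimed, "PIN incorrect for badge holder")
    return Decision(True, claimed, "all factors identify the same principal")


if __name__ == "__main__":
    # The reply's scenario: Jim's badge, Mike's retina, Sally's PIN.
    mixed = Attempt("BADGE-1001", "RET-B", "1590")
    print("loose:", verify_loose(mixed))
    print("bound:", verify_bound(mixed))
    print("mike :", verify_bound(Attempt("BADGE-1002", "RET-B", "7733")))
```

The loose verifier admits the mixed attempt and records no principal at all, which is exactly the audit problem the reply describes: the log shows three people, none of whom can be held to the entry. The bound verifier denies it and names the badge holder in the denial, so a mismatch between factors is itself a detectable event worth alerting on.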