Misplaced Pages

Strong authentication

Article snapshot taken from[REDACTED] with creative commons attribution-sharealike license. Give it a read and then ask your questions in the chat. We can research this topic together.

This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these messages)
This article may be too technical for most readers to understand. Please help improve it to make it understandable to non-experts, without removing the technical details. (August 2017) (Learn how and when to remove this message)
This article or section possibly contains synthesis of material that does not verifiably mention or relate to the main topic. Relevant discussion may be found on the talk page. (April 2019) (Learn how and when to remove this message)
This article possibly contains original research. Please improve it by verifying the claims made and adding inline citations. Statements consisting only of original research should be removed. (April 2019) (Learn how and when to remove this message)
(Learn how and when to remove this message)

Strong authentication is a notion with several definitions.

Difference with two-factor authentication

Strong authentication is often confused with two-factor authentication (more generally known as multi-factor authentication), but strong authentication is not necessarily multi-factor authentication. Soliciting multiple answers to challenge questions may be considered strong authentication but, unless the process also retrieves "something you have" or "something you are", it would not be considered multi-factor authentication. The FFIEC issued supplemental guidance on this subject in August 2006, in which they clarified, "By definition true multifactor authentication requires the use of solutions from two or more of the three categories of factors. Using multiple solutions from the same category ... would not constitute multifactor authentication."

Definitions

A commonly found class of definitions relates to a cryptographic process, or more precisely, authentication based on a challenge–response protocol. This type of definition is found in the Handbook of applied cryptography. This type of definition does not necessarily relate to two-factor authentication, since the secret key used in a challenge–response authentication scheme can be simply derived from a password (one factor).

An other class of definitions says that strong authentication is any form of authentication in which the verification is accomplished without the transmission of a password. This is the case for example with the definition found in the Fermilab documentation.

An other class, which has legal standing within the European Economic Area, is Strong Customer Authentication.

The Fast IDentity Online (FIDO) Alliance has been striving to establish technical specifications for strong authentication and has 250 members and over 150 certified products.

Thus, the term strong authentication can be used as long as the notion strong is defined in the context of use.

See also

References

  1. Board of Governors of the Federal Reserve System. "Frequently Asked Questions on FFIEC Guidance on Authentication in an Internet Banking Environment, August 15, 2006" (PDF). Retrieved 22 May 2012.
  2. "Handbook of Applied Cryptography". Cacr.math.uwaterloo.ca. Retrieved 17 July 2014.
  3. "Fermilab | Home".
  4. "FIDO Alliance Passes 150 Post-Password Certified Products". InfoSecurity Magazine. 5 April 2016. Retrieved 13 June 2016.
Categories:
Strong authentication Add topic