Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

two factor or multi-factor authentication


  • Please log in to reply
5 replies to this topic

#1 MarkyMac

MarkyMac

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:31 PM

Posted 15 January 2017 - 05:23 PM

Hello,

 

I have something I don't understand about multi-factor authentication.  Actually, this is from Comtpia's Network+ exam.  If it's not appropriate to ask here, please let me know.

 

The question is:

 

"A network administrator has decided to tighten company security after a recent data breach. The new scheme calls for a strong 10 character password, a special 4 digit pin code, and a one-time use dynamic token that is accessed via a smartphone application. Which of the following is being implemented? 
 
A. Two-factor authentication B. Biometric security C. Multi-factor authentication D. Single factor authentication"
 
Since there seem to be 3 factors, namely; password+pin code+dynamic token, which are used for authentication,
I thought the answer was C (Multi-factor authentication), but the correct answer is A. (Two-factor.)
 
Can anyone explain why this is 2-factor authentication?
 
thanks much,
 
mac


BC AdBot (Login to Remove)

 


#2 kedanli

kedanli

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:31 PM

Posted 16 January 2017 - 06:22 AM

Hi there,

 

I could only guess, but imho it is because Password and pin are the same. They are both fix. Imagine you could protect an account by simply adding another (second) password to it. This wouldn't be a real two factor authentifikation. It's just a splittet secret. You could still use a phishing attack, get to know both passwords (or password an pin) and you are done. Only the one-time use dynamic token is a real second factor because you need to know a secret (password + pin) and access to the token.

 

Multi-factor authentication would be something like this: password + one time token + signature (e.g. USB stick).

 

just my two cents...


Edited by kedanli, 16 January 2017 - 06:25 AM.


#3 Xoctane

Xoctane

  • Members
  • 114 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:31 PM

Posted 16 January 2017 - 07:39 AM

This is a bit of a trick question because two-factor authentication is a subset of multi-factor authentication—all two-factor auth is multi-factor auth but not vice versa.

 

Now, I think kedanli's guess was correct: It is only two-factor because both the password and the pin are something you know, but the phone-generated token is something you haveKnowledge is just one factor in multi-factor authentication; a biometric test would be another factor, for example.



#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,469 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:31 AM

Posted 16 January 2017 - 08:35 AM

Multi-factor - Two-factorauthentication

Multi-factor authentication (MFA) is a method of computer access control in which a user is only granted access after successfully presenting several separate pieces of evidence to an authentication mechanism typically at least two of the following categories: knowledge (something they know), possession (something they have), and inherence (something they are). Two-factor authentication (2FA) is a method of confirming a user's claimed identity by utilizing a combination of two different components. Two-factor authentication is a type of multi-factor authentication.


Two-Factor vs. Multi-Factor Authentication

All two-factor authentication (2FA) is multi-factor authentication (MFA), but not all MFA is 2FA...Multi-factor authentication (MFA) is a method of computer access control in which a user is only granted access after successfully presenting several separate pieces of evidence to an authentication mechanism typically at least two of the following categories: knowledge (something they know); possession (something they have), and inherence (something they are). 2FA is a subset of that. Just a type of MFA where you only need two pieces of evidence two factors.


Two-Factor vs. Multi-Factor Authentication: Whats the Difference?

Two-factor authentication is a bit more complicated. In addition to your password/username combo, youre asked to verify who you are with something that you and only you own, such as a mobile phone. Put simply: it uses two factors to confirm its you...Multi-factor authentication. In addition to the password/username combo, multi-factor authentication requires that users confirm a collection of things to verify their identity usually something they have, and a factor unique to their physical being think retina or fingerprint scan. Other forms of authentication can include location and the time of day.


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 MarkyMac

MarkyMac
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:31 PM

Posted 16 January 2017 - 06:12 PM

Thank you so much to all for clarifying this for me!!!

Now this makes total sense.



#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,469 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:31 AM

Posted 16 January 2017 - 06:59 PM

You're welcome on behalf of the Bleeping Computer community.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users