Question
Authentication uses three primary elements:
Something You Know (This would include something only the person attempting to connect would know; an example is Passwords)
Something You Have (This would include something that the person attempting to connect would have; an example is a Cell Phone)
Something You Are (This would include something that the person attempting to connect would be; an example is fingerprints)
which of the three elements you think is the best method for authentication. Include a rationale behind your answer as to why you think this is the most secure method of identifying yourself to a device, service, or application. Discuss why you think one of the other methods is vulnerable and provide an example.
Explanation / Answer
Before going into the explanation part, let's discuss what are the possible types of authentication:
Using only one of these types for authentication is called Single Factor Authentication (SFA). Now let's discuss some advantages and disadvantages of SFA.
Advantages
===========
Disadvantages
====================
Because of these shortcomings of SFA, many companies like Google, Facebook, Apple, Microsoft, Twitter, etc. have recently adopted Two Factor Authentication (2FA). 2FA adds one more level of authentication over SFA. For example, when someone tries to log in to a corporate Twitter account, in addition to the username/password combination, it also delivers an SMS to the device for a second level of authentication.
"Twitter made the decision to use SMS [to deliver its second factor] because it makes sense from their position," said Jon Oberheide, chief technology officer of Duo Security, which uses apps to prove identity. SMS is "universal in some respects; all you need is a mobile phone."
2FA definitely makes your application more secure and, depending on its implementation and ease, it can be a minor inconvenience or a major pain for the user. It also depends on the user's patience and willingness to spend extra time for extra security.
For the same reason, Google has also moved to 2FA authentication. Due to the critical nature of the data in a Google account, whenever you try to log in to your account from a different device, first you have to enter your email and password. After successful authentication, you are required to add a special code which is sent over SMS to the number which you have linked to your account. Doing so, Google ensures both Device Authentication and Password Authentication. Not only this, Google also sends a notification to your linked device that a new device has logged in to your account. Do you trust this device?
Hence, deciding which type of authentication is best suited for a service or application totally depends on the application requirement. If your application can work with less security but needs optimized performance, like Netflix, Spotify, etc., then you can go ahead with SFA. Now in my opinion, one can go ahead with Fingerprint or Voice Print for SFA, as it requires the least user interaction. Again, most companies are using the traditional Userid/password for SFA. But some companies like Google have already started accepting Fingerprint to log in to their services. I think using a device for SFA would be the worst because if your phone gets stolen, one can easily get access to your applications.
Whereas if your application needs high security compared to performance, like most banking apps and wallets (e.g., PayPal), 2FA would be more suited. Using 2FA for authentication not only increases the application security, but also gives users faith that their money is safe. I think, like most companies think, PIN/Password or Fingerprint/Voiceprint + Device authentication is the best option. This is because using PIN/Password or Fingerprint guarantees User Authentication, and Device Authentication verifies that the source from which the application is accessed can be trusted.