Multi-Factor Authentication Concern



I'm having an argument with someone at work about multi-factor authentication. We'll call him Bob.

Bob claims that in a multi-factor authentication system, the factors don't need to identify the same person. In other words, Bob thinks it's perfectly OK for the door to the data-center to open when Jim badges in, Mike scans his retina, and Sally enters a her PIN.

This is obviously wrong. Bob says "prove it". So I've scoured the net and books for something that describes multi-factor authentication as requiring that all factors identify the same person. So far, I can't find anything.

Is it so obvious that nobody has bothered to write it down, or am I wrong in my thinking?

Thanks!



Relevant Pages

  • Re: Multi-Factor Authentication Concern
    ... access systems are all keyed around the user object, ... Multi-factor authentication is an AND statement, not an OR, unless you ... We'll call him Bob. ... Redstone may monitor email traffic data and also the content of email for the purposes of security and staff training. ...
    (Security-Basics)
  • RE: Multi-Factor Authentication Concern
    ... Subject: Multi-Factor Authentication Concern ... We'll call him Bob. ... his retina, and Sally enters a her PIN. ...
    (Security-Basics)
  • RE: Multi-Factor Authentication Concern
    ... multi factor authentication refers to same person. ... Nham Kandala ... I'm having an argument with someone at work about multi-factor authentication. ... Bob says "prove it". ...
    (Security-Basics)
  • Re: Why Did God Allow Bob Pastorio To Live?
    ... > go again, Bob. ... It should read "Nobody is going to read this mess of a thread below; ... That's even more grievous than lying about ...
    (sci.med.nutrition)
  • Re: Why Did God Allow Bob Pastorio To Live?
    ... > go again, Bob. ... It should read "Nobody is going to read this mess of a thread below; ... That's even more grievous than lying about ...
    (sci.med)