Multi-Factor Authentication Concern
- From: jsewell@xxxxxxxxxxx
- Date: 10 Aug 2007 15:21:32 -0000
I'm having an argument with someone at work about multi-factor authentication. We'll call him Bob.
Bob claims that in a multi-factor authentication system, the factors don't need to identify the same person. In other words, Bob thinks it's perfectly OK for the door to the data-center to open when Jim badges in, Mike scans his retina, and Sally enters a her PIN.
This is obviously wrong. Bob says "prove it". So I've scoured the net and books for something that describes multi-factor authentication as requiring that all factors identify the same person. So far, I can't find anything.
Is it so obvious that nobody has bothered to write it down, or am I wrong in my thinking?
Thanks!
- Follow-Ups:
- Re: Multi-Factor Authentication Concern
- From: Yves Bourdic
- Re: Multi-Factor Authentication Concern
- From: Chris Barber
- RE: Multi-Factor Authentication Concern
- From: Kandala, Nham
- Re: Multi-Factor Authentication Concern
- From: Kevin Wilcox
- Re: Multi-Factor Authentication Concern
- From: Nick Owen
- RE: Multi-Factor Authentication Concern
- From: Dan Denton
- RE: Multi-Factor Authentication Concern
- From: Dutton, Larry
- Re: Multi-Factor Authentication Concern
- Prev by Date: RE: HTTPs web-balancing
- Next by Date: Re: Risks/dangers of unauthorized web proxy
- Previous by thread: HTTPs web-balancing
- Next by thread: RE: Multi-Factor Authentication Concern
- Index(es):
Relevant Pages
|
