Skip to main content
SpringerLink
Log in

Multi-Factor Authentication

More secure approach towards authenticating individuals

  • Chapter
  • First Online:
Advances in User Authentication

Part of the book series: Infosys Science Foundation Series ((ISFSASE))

Abstract

Multi-Factor authentication (MFA) is a secure process of authentication which requires more than one authentication technique chosen from independent categories of credentials. Like single factor, multi-factor is increasingly used to verify the users’ identities in accessing the cyber system and information. MFA combines two or more types of authentication to provide better and secure way of authenticating users.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 49.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 64.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 89.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Multi-factor Authentication (2016) Accessed date: 01 Dec 2016. http://searchsecurity.techtarget.com/definition/multifactor-authentication-MFA

  2. Multifactor authentication examples and business case scenarios (2016) Accessed date: 01 Dec 2016. URL: http://searchsecurity.techtarget.com/feature/The-fundamentals-of-MFA-The-business-case-for-multifactor-authentication

  3. Anderson T (2014) Why multi-factor authentication is a security best practice. Access date: 01 Dec 2016. URL: http://www.scmagazineuk.com/why-multi-factor-authentication-is-a-security-best-practice/article/373462/

  4. Pascual A, Miller S (2015) 2015 Identity fraud: protecting vulnerable populations. Accessed Date: 01 Dec 2016. URL: https://www.javelinstrategy.com/brochure/347

  5. Identity Theft and Cybercrime (2015) Access date: 01 Dec 2016. URL: http://www.iii.org/fact-statistic/identity-theft-and-cybercrime

  6. SafeNet (2014) 2014 authentication survey. Accessed: 01 Dec 2016. URL: http://www.safenet-inc.com/resources/data-protection/2014-authentication-survey-executive-summary/

  7. Laurello J (2013) Q&A: challenges, benefits of implementing single sign-on in hospitals. Accessed: 01 Dec 2016. URL: http://searchhealthit.techtarget.com/feature/QA-Challenges-benefits-of-implementing-single-sign-on-in-hospitals

  8. Villanueva JC (2014) 5 big business benefits of using sso (Single Sign-on). Access date: 01 Dec 2016. URL: http://www.jscape.com/blog/bid/104856/5-Big-Business-Benefits-of-Using-SSO-Single-Sign-On

  9. Blattner N (2014) Password self help—password reset for IBM i. Accessed: 01 Dec 2016. URL: http://www.ibmsystemsmag.com/pdfs/PasswordSelfHelp—Password-Reset-for-IBM-i/

  10. Peterson T (2013) Moving single sign-on (SSO) beyond convenience. Accessed: 01 Dec 2016. URL: file:///C:/Users/Abhijit/Downloads/moving-single-sign-on-beyond-convenience-13757.pdf

    Google Scholar 

  11. Lawton S (2015) Secure authentication with single sign-on (SSO) solutions. Accessed: 01 Dec 2016. URL: http://www.tomsitpro.com/articles/single-sign-on-solutions,2-853.html

  12. FIDO (2015) History of FIDO alliance. Accessed: 01 Dec 2016. URL: https://fidoalliance.org/about/

  13. FIDO (2015) Members: bringing together an ecosystem. Accessed: 01 Dec 2016. URL: https://fidoalliance.org/membership/members/

  14. FIDO (2015) Specifications overview. Accessed: 01 Dec 2016. URL: https://fidoalliance.org/specifications/overview/

  15. CA Technologies (2015) CA strong authentication. Accessed: 01 Dec 2016. URL: http://www.ca.com/us/securecenter/ca-strong-authentication.aspx

  16. CA Technologies (2013) Deliver secure, new business services in a multi-channel customer environment. Accessed date: 01 Dec 2016

    Google Scholar 

  17. CA Technologies (2015) CA strong authentication data sheet. Accessed date: 01 Dec 2016. URL: http://www.ca.com/us/~/media/Files/DataSheets/ca-strong-authentication.PDF

  18. Okta (2015) Introducing Okta adaptive MFA. Accessed date: 01 Dec 2016. URL: https://www.okta.com/product/adaptive-mfa/

  19. Okta (2015) Enabling just in time provisioning. Accessed date: 01 Dec 2016. URL: https://support.okta.com/articles/Knowledge_Article/27715118-Enabling-Just-In-Time-Provisioning?fs=RelatedArticle&l=en_US

  20. Vasco (2015) IDENTIKEY authentication server 3.8. Accessed date: 01 Dec 2016. URL: https://www.vasco.com/Images/IDENTIKEY-Authentication-Server-3.8-Datasheet-(II).pdf

  21. Vasco (2014) IDENTIKEY authentication server. Accessed date: 01 Dec 2016. URL: https://www.vasco.com/Images/Identikey_BR201401-v5.pdf

  22. Vasco (2015) IDENTIKEY authentication server. Accessed date: 01 Dec 2016. URL: https://www.vasco.com/products/server_products/identikey/ik_auth/identikey-authentication-server.aspx

  23. Dell Defender (2015) Defender: protect your perimeter with two-factor authentication. Accessed date: 01 Dec 2016. URL: http://software.dell.com/documents/defender-datasheet-29206.pdf

  24. Dell Defender (2015) Two-factor authentication made easy. Accessed date: 01 Dec 2016. URL: http://software.dell.com/products/defender/

  25. Symantec VIP (2015) Symantec validation and ID protection service (VIP). Accessed date: 01 Dec 2016. URL: http://www.symantec.com/vip-authentication-service/

  26. Symantec VIP Data Sheet (2015) Symantec™ validation and ID protection service: prevent unauthorized access to sensitive networks and applications. Accessed date: 01 Dec 2016. URL: http://www.symantec.com/content/en/us/enterprise/fact_sheets/b-validation_and_id_protection_service_DS_21213686.en-us.pdf

  27. Symantec VIP for Mobile (2012) Symantec™ VIP access for mobile. Accessed date: 01 Dec 2016. URL: http://www.symantec.com/content/en/us/enterprise/fact_sheets/b-verisign_identity_protection_access_for_mobile_DS_21172473.en-us.pdf

  28. RSA SECURID (2015) RSA authentication products. Accessed date: 01 Dec 2016. URL: http://www.emc.com/security/rsa-securid/index.htm

  29. RSA SECURID (2011) RSA SECURID® AUTHENTICATORS. Accessed date: 01 Dec 2016. URL: http://www.emc.com/collateral/software/data-sheet/h9061-rsa-securid.pdf

  30. RSA SECURID (2014) RSA SECURID® software tokens. Accessed date: 01 Dec 2016. URL: http://www.emc.com/collateral/data-sheet/h13819-ds-rsa-securid-software-tokens.pdf

  31. RSA SECURID (2014) RSA SECURID: risk-based authentication. Accessed date: 01 Dec 2016. URL: http://www.emc.com/collateral/data-sheet/h13823-ds-rsa-securid-risk-based-authentication.pdf

  32. RSA SecurID (2014) RSA SecurID: management console. Accessed date: 01 Dec 2016. URL: http://www.emc.com/collateral/data-sheet/h13822-ds-rsa-securid-management-console.pdf

  33. SafeNet (2015) SafeNet authentication service fully automated authentication as-a-Service. Accessed date: 01 Dec 2016. URL: http://www.safenet-inc.com/multi-factor-authentication/authentication-as-a-service/sas-safenet-authentication-service/

  34. SafeNet (2015) SafeNet authentication service: affordable, flexible, cloud-based authentication. Accessed date: 01 Dec 2016. URL: http://www.safenet-inc.com/resources/data-protection/safenet-authentication-service-brochure/?langtype=1033

  35. SafeNet (2015) Gemalto SafeNet authentication service: a faster, more effective way to manage authentication deployments. Accessed date: 01 Dec 2016. URL: http://www.safenet-inc.com/resources/data-protection/safenet-authentication-service-solution-brief/

  36. SecureAuth IdP (2015) SecureAuth IdP 8.0. Access date: 01 Dec 2016. URL: https://www.secureauth.com/Product.aspx

  37. SecureAuth IdP (2015) Two factor authentication: 20+ strong methods. Access date: 01 Dec 2016. URL: http://www.esecuritytogo.com/documents/secureauth_2_factor.pdf

  38. SecureAuth IdP (2015) SecureAuth IdP user access control that works for you. Access date: 01 Dec 2016. URL: http://www-304.ibm.com/partnerworld/gsd/showimage.do?id=40694

  39. SecureAuth IdP (2015) SecureAuth IdP single sign-on. Date: 01 Dec 2016. URL: https://www.secureauth.com/SecureAuth/media/Resources/SolutionBriefs/SecureAuth-Single-Sign-on.pdf?ext=.pdf

  40. SecureAuth IdP (2015) SecureAuth IdP for mobile. Access date: 01 Dec 2016. URL: https://www.secureauth.com/SecureAuth/media/Resources/SolutionBriefs/SecureAuth-IdP-for-Mobile.pdf?ext=.pdf

  41. SecureAuth IdP (2015) SecureAuth IdP Office 365. Accessed date: 01 Dec 2016. URL: https://www.secureauth.com/SecureAuth/media/Resources/SolutionBriefs/SecureAuth-IdP-for-Office-365.pdf?ext=.pdf

  42. SecureAuth IdP (2015) SecureAuth IdP authentication API. Accessed date: 01 Dec 2016. URL: https://www.secureauth.com/SecureAuth/media/Resources/SolutionBriefs/SA_SolutionBrief_API.pdf

  43. Bill Mathers (2015) What is Azure multi-factor authentication? Accessed date: 01 Dec 2016. URL: https://azure.microsoft.com/en-us/documentation/articles/multi-factor-authentication/

  44. Microsoft Azure (2015) Multi-factor authentication pricing. Accessed date: 01 December 2016. URL: https://azure.microsoft.com/en-us/pricing/details/multi-factor-authentication/

  45. Collier M, Shahan R (2015) Microsoft Azure Essentials-Fundamentals of Azure. Pearson Education

    Google Scholar 

  46. Swivel (2015) Swivel: adaptable, active, authentication. Accessed date: 01 Dec 2016. URL: http://swivelsecure.com/

  47. SwivelSecure (2014) Swivel secure overview. Accessed date: 01 December 2016. URL: http://hosteu.msgapp.com/uploads/96495/Documents/Data%20Sheets/1502%20DS%20Overview%20Data%20Sheet.pdf

  48. SwivelSecure (2014) Risk based authentication. Accessed date: 01 Dec 2016. URL: http://hosteu.msgapp.com/uploads/96495/Documents/Data%20Sheets/1410_DS_Risk_Based_Data_Sheet.pdf

  49. SwivelSecure (2014) SMS based authentication. Accessed date: 01 Dec 2016. URL: http://hosteu.msgapp.com/uploads/96495/Documents/Data%20Sheets/1410_DS_SMS_Data_Sheet.pdf

  50. SwivelSecure (2014) Mobile app based authentication. Accessed date: 01 Dec 2016. URL: http://hosteu.msgapp.com/uploads/96495/Documents/Data%20Sheets/1411_DS_Mobile_App_EN.pdf

  51. SwivelSecure (2014) Token based authentication. Accessed date: 01 Dec 2016. URL: http://hosteu.msgapp.com/uploads/96495/Documents/Data%20Sheets/1410_DS_Token_Data_Sheet.pdf

  52. SwivelSecure (2014) PINpad. Accessed date: 01 Dec 2016. URL: http://hosteu.msgapp.com/uploads/96495/Documents/Data%20Sheets/1410_DS_PINpad_Data_Sheet.pdf

  53. SwivelSecure (2014) Telephony. Accessed date: 01 Dec 2016. URL: http://hosteu.msgapp.com/uploads/96495/Documents/Data%20Sheets/1411%20Telephony%20Data%20Sheet.pdf

  54. DUO Security Product Overview (2016) Accessed date: 01 Dec 2016. URL: https://duo.com/assets/pdf/Duo-Security-Product-Overview.pdf

  55. DUO Security: Two-Factor Authentication Made Easy. Accessed Date: 01 Dec 2016. URL: https://duo.com/assets/pdf/Duo-Security-Product-Datasheet.pdf

  56. NIST Cybersecurity whitepaper on Best Practices for Privileged User PIV Authentication. 21 Apr 2016. http://csrc.nist.gov/publications/papers/2016/best-practices-privileged-user-piv-authentication.pdf

  57. Ferraiolo H, Cooper D, Francomacaro S, Regenscheid A, Mohler J, Gupta S, Burr W (2014) National institute of standards and technology (NIST) special publication (SP) 800-157, Guidelines for Derived Personal Identity Verification (PIV) Credentials. 10.6028/NIST.SP.800-157

  58. RSA SECURID (2007) A comprehensive introduction to RSA SecurID® user authentication. Accessed date: 01 Dec 2016. URL: http://www.ais-cur.com/IntrotoSecurID.pdf

  59. Strom D (2014) Okta verify|multifactor authentication product overview. Accessed Date: 01 Dec 2016. URL: http://searchsecurity.techtarget.com/feature/Multifactor-authentication-products-Okta-Verify

  60. RSA SECURID (2010) RSA® SecurID two-factor authentication. Accessed date: 01 Dec 2016. URL: http://www.arrowecs.co.uk/ArrowECS/media/PDF-Library/Security/RSA/RSA-SecurID.pdf

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, The University of Memphis, Memphis, TN, USA

    Dipankar Dasgupta, Arunava Roy & Abhijit Nag

Authors
  1. Dipankar Dasgupta
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Arunava Roy
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Abhijit Nag
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Dipankar Dasgupta .

Review Questions

Review Questions

Descriptive Questions

Question 1:

Define Multi-Factor authentication. Which factors are generally taken for MFA?

Question 2:

What is the issue of Single factor authentication? How can these issues be resolved through MFA?

Question 3:

What is FIDO? Briefly describe the key features of FIDO.

Question 4:

Describe the key features of UAF and U2F of FIDO framework. How does FIDO registration work?

Question 5:

What is single sign-on? Discuss three advantages of SSO.

Question 6:

What are the major disadvantages of using SSO? Name three different categories of SSO.

Question 7:

What are the four implementation steps in SSO? Describe the challenges incurred for enabling SSO.

Question 8:

Discuss any three MFA products which support SSO.

Question 9:

Discuss any three MFA products which support Mobile devices.

Question 10:

Compare the listed MFA products based on their features.

Multiple Choice Questions

Question 1:

What are the benefits of SSO? (Select all that apply)

  1. A.

    Fewer credentials that a user has to remember.

  2. B.

    The amount of time that it takes to log into different services.

  3. C.

    It does not require as much effort to think of different passwords.

  4. D.

    Single sign-on allows each service to have its own layer of protection.

Question 2:

What is it called when a user uses a service like Facebook to log into their account on a different website?

  1. A.

    Single Sign-on

  2. B.

    Multi Sign-on

  3. C.

    Social Sign-on

  4. D.

    Super Sign-on

Question 3:

Bob is about to meet Alice in a coffee shop. They will meet during rush hours. Bob wants to check his bank account on his mobile using the available free WIFI connection. The email service provider supports three types of authentication, namely login password, voice recognition, and SMS message as OTP. Which option would be the best for him to choose in this situation?

  1. A.

    Password

  2. B.

    Voice recognition

  3. C.

    SMS with OTP

  4. D.

    Security Questions

Question 4:

Amanda pricks her finger and steps away from her station for a few minutes to get something to eat because her blood sugar level was low. While she was gone, her station logged her out, and now she has to go through the process of logging back. Her company uses different biometric systems for authenticating their employees. As it was late, most of the employees left and the cleaning crew has already turned off some of the lights, so the lighting around her is not good. What is the best method of authentication for her to use?

  1. A.

    Voice Recognition

  2. B.

    Facial Recognition

  3. C.

    Fingerprint Recognition

  4. D.

    Weight Recognition

Question 5:

A construction company is looking to add multiple-factor authentication to one of their construction sites that has hundreds of workers. What would be the best combination of authentication for them to implement?

  1. A.

    Voice Recognition + Username and Password

  2. B.

    Swipe Card + Facial Recognition

  3. C.

    Facial Recognition + One-Time Password Generator

  4. D.

    Photo ID + A Name

Question 6:

Jason is the type of person who does not like to give out his personal information and is overly suspicious of other people. What would be the best authentication type for Jason?

  1. A.

    Knowledge-based Authentication

  2. B.

    Token-based Authentication

  3. C.

    Biometric Authentication

Question 7:

A hotel uses keys for locking and unlocking their doors. They now want to upgrade their system to make their visitors’ life easier and to make their hotel more sophisticated. Which option from below would be the best one for them to pick?

  1. A.

    One-time token generator

  2. B.

    Swipe card

  3. C.

    Fingerprint Scanning

  4. D.

    Password System

Question 8:

Jack is operating his laptop in the airport terminal and is connected to wireless internet. The lighting conditions are poor in that part of the terminal. Which authentication factor is the best choice for him to verify his identity?

  1. A.

    Face

  2. B.

    Voice

  3. C.

    SMS

  4. D.

    Fingerprint

Question 9:

Anna is operating her cell phone in a noisy environment and connected to the internet using her phone’s data plan. She is trying to access her financial information. Which two factors are a better choice for her at the given settings? (Select all that apply)

  1. A.

    Facial

  2. B.

    SMS

  3. C.

    Voice

  4. D.

    Password

  5. E.

    Keystroke

Question 10:

A user operates his desktop and is using wired internet connection. The workstation for that user is noisy, and the lighting condition is poor at the time. Which three-factors are better options to choose considering the surrounding conditions?

  1. A.

    Face

  2. B.

    CAPTCHA

  3. C.

    Voice

  4. D.

    Fingerprint

  5. E.

    SMS

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this chapter

Cite this chapter

Dasgupta, D., Roy, A., Nag, A. (2017). Multi-Factor Authentication. In: Advances in User Authentication. Infosys Science Foundation Series(). Springer, Cham. https://doi.org/10.1007/978-3-319-58808-7_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-58808-7_5

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-58806-3

  • Online ISBN: 978-3-319-58808-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation