top of page

Domain 5: Identity and Access Management

Study Notes

Multi-Factor Authentication

Type 1

Something You Know

Resides in your BRAIN

  • Passwords, pass phrases, PIN, door code

  • WEAKEST form of authentication

  • Tough to remember passwords

  • Users tend to choose easy passwords

  • Easy to guess if applicable

  • Written on Post-Its (BAD!)

  • Brute-force attacks always work

  • Try to make passwords phrases

    • "EyeLov3CI$$P7254&"​

Type 2 

Something You Have

Two-Factor Authentication

Something You Have

Something You Are

Something You Have

Something You Know

Something You Are

Something You Know

Something you POSSESS

  • Smart cards

  • Tokens (Synchronous/Asynchronous)

  • Private Keys

Type 3 
Something You Are

What you are BORN with

  • Retina or Iris scan

  • Fingerprints

  • Handwriting style

  • SUPER sophisticated, but SUPER expensive

bottom of page