top of page
Domain 5: Identity and Access Management
Study Notes
Multi-Factor Authentication
Type 1
Something You Know

Resides in your BRAIN
-
Passwords, pass phrases, PIN, door code
-
WEAKEST form of authentication
-
Tough to remember passwords
-
Users tend to choose easy passwords
-
Easy to guess if applicable
-
Written on Post-Its (BAD!)
-
Brute-force attacks always work
-
Try to make passwords phrases
-
"EyeLov3CI$$P7254&"​
-
​
Type 2
Something You Have

Two-Factor Authentication
Something You Have
Something You Are


Something You Have
Something You Know


Something You Are
Something You Know


Something you POSSESS
-
Smart cards
-
Tokens (Synchronous/Asynchronous)
-
Private Keys
​
Type 3
Something You Are

What you are BORN with
-
Retina or Iris scan
-
Fingerprints
-
Handwriting style
-
SUPER sophisticated, but SUPER expensive
​
bottom of page