What are the 4 types of authentication?

The four types of authentication claimed by some cyber security vendors are:

  1. Something you know – like a password.
  2. Something you have – like a smart card to enter a building.
  3. Something you are – like a fingerprint.
  4. Something you do – like typing speed or location.

Traditionally cyber security has thought of only 3 authentication factors. Something that you know, you have, or you are. But as vendors have tried to find new ways of measuring "something you are" they have started to measure behaviour. Specifically how people use a mobile phone or computer.

This means that strong authentication can be used on more devices. It removes the need for fingerprint scanners or cameras for facial recognition. And allows more people to access to strong authentication.

But it doesn't change the foundation of the three factors of authentication:

  1. Typing speed (something you do) is based on something you are – muscle strength.
  2. Location information (something you do) is based on something you have - a device with GPS or other location-finding apps.
  3. Connecting to a website from a specific device (something you do) is based on something you have - access to one particular phone, tablet or computer.

It’s 2021 And We Still Don’t Know How To Give Password Advice!

The Guide: CIS Security Controls v8

Related Questions

Who are highly visible people?

'Highly visible people' are the people easiest to identify in your business or school. You need to know who these people are, as they will be the ones hackers will most likely target.

Hackers are predictable. They always start by gathering as much information as possible about your organisation. This can be technical details but is increasingly focussed on the people who work for you.

Once hackers know who works for you, they use two main ways to…

Continue reading... "Who are highly visible people?"

What is a data breach event?

A data breach event is one time your team’s email and password was lost as part of a data breach. For example, Jane in sales losing her password as part of the LinkedIn data breach.

This information can show that some people in your team have lost passwords in many data breaches. Whereas other team members have lost a password only once. This can help in prioritise who could pose a more significant risk to your organisation.

Continue reading... "What is a data breach event?"