Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Multi-Factor Authentication Concern

From: "Kandala, Nham" <Nham_Kandala () Keane Com>
Date: Fri, 10 Aug 2007 13:58:49 -0400
I agree with you. AFAIK, multi factor authentication refers to same person.


_________________________
Nham Kandala
Keane IT
 
-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of jsewell () jsewell com
Sent: Friday, August 10, 2007 8:22 AM
To: security-basics () securityfocus com
Subject: Multi-Factor Authentication Concern

I'm having an argument with someone at work about multi-factor authentication. We'll call him Bob.

Bob claims that in a multi-factor authentication system, the factors don't need to identify the same person. In other 
words, Bob thinks it's perfectly OK for the door to the data-center to open when Jim badges in, Mike scans his retina, 
and Sally enters a her PIN.

This is obviously wrong. Bob says "prove it". So I've scoured the net and books for something that describes 
multi-factor authentication as requiring that all factors identify the same person. So far, I can't find anything.

Is it so obvious that nobody has bothered to write it down, or am I wrong in my thinking?

Thanks!
Previous By Date Next
Previous By Thread Next

Current thread: