Single or Multifactor. Factors concern the difference in the amount of resources required by users and by adversaries to use a system. Resources can be in the form of secret knowledge possessed by the user that nobody else is supposed to know, something the user has in his or her possession that is hard to duplicate, and something that only the user is or does and that can be measured using biometrics. The three factors (knowledge, possession, and biometrics) can be combined to increase the amount of effort required by an adversary to commit successful identity fraud. While multiple factors do provide protection against long-term credential stealing attacks, they are not the holy grail of information security. Multifactor authentication does not protect against social (e.g., phishing) or various technical attacks (e.g., session hijacking/injection attacks) [Xxxxxxxx 2005]. There are also various technological, eco- nomical, and usability limitations that delayed sector-wide acceptance of multifactor authentication [Xxxxxx et al. 2009].
Appears in 6 contracts
Samples: End User Agreement, End User Agreement, End User Agreement