strong authentication
Strong authentication is a notion with several definitions.


Strong (customer) authentication definitions

Strong authentication is often confused with two-factor authentication (more generally known as multi-factor authentication), but strong authentication is not necessarily multi-factor authentication. Soliciting multiple answers to challenge questions may be considered strong authentication but, unless the process also retrieves 'something you have' or 'something you are', it would not be considered multi-factor authentication. The FFIEC issued supplemental guidance on this subject in August 2006, in which they clarified, "By definition true multifactor authentication requires the use of solutions from two or more of the three categories of factors. Using multiple solutions from the same category ... would not constitute multifactor authentication."

Another commonly found class of definitions relates to a cryptographic process, or more precisely, authentication based on a challenge–response protocol. This type of definition is found in the Handbook of Applied Cryptography. This type of definition does not necessarily relate to two-factor authentication, since the secret key used in a challenge–response authentication scheme can be simply derived from a password (one factor).

A third class of definitions says that strong authentication is any form of authentication in which the verification is accomplished without the transmission of a password. This is the case, for example, with the definition found in the Fermilab documentation.

The fourth class, which has legal standing within the European Economic Area, is Strong Customer Authentication.

The Fast IDentity Online (FIDO) Alliance has been striving to establish technical specifications for strong authentication and has 250 members and over 150 certified products. Thus, the term "strong authentication" can be used as long as the notion "strong" is defined in the context of use.
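The second and third classes of definition above can be seen together in one exchange. The sketch below is an added example, not taken from the cited handbook or the Fermilab documentation: a challenge–response check keyed by a password-derived secret, so the password is never transmitted yet only one factor is involved. The class and function names, the PBKDF2 parameters and the sample passwords are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Assumed demo parameter; not a value taken from the page.
PBKDF2_ITERATIONS = 100_000


def derive_key(password: str, salt: bytes) -> bytes:
    """Derive the shared secret key from a password (a single knowledge factor)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


class Verifier:
    """Verifier side: holds the salt and derived key, never the password itself."""

    def __init__(self, password: str):
        self.salt = secrets.token_bytes(16)
        self._key = derive_key(password, self.salt)
        self._pending = set()

    def new_challenge(self) -> bytes:
        nonce = secrets.token_bytes(32)
        self._pending.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        # Each challenge is accepted once, so a captured response cannot be replayed.
        if nonce not in self._pending:
            return False
        self._pending.discard(nonce)
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def respond(password: str, salt: bytes, nonce: bytes) -> bytes:
    """Claimant side: prove knowledge of the password without sending it."""
    return hmac.new(derive_key(password, salt), nonce, hashlib.sha256).digest()


def run_exchange(enrolled: str, attempt: str):
    """Return (first verification, replayed verification, password seen on the wire)."""
    server = Verifier(enrolled)
    nonce = server.new_challenge()
    resp = respond(attempt, server.salt, nonce)
    wire = server.salt + nonce + resp  # everything an eavesdropper observes
    first = server.verify(nonce, resp)
    replay = server.verify(nonce, resp)
    return first, replay, attempt.encode() in wire
```

The exchange satisfies the "no password transmitted" definition and the challenge–response definition while remaining single-factor. The derived key held by the verifier is password-equivalent, and a recorded challenge and response still allow offline guessing of a weak password.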


See also

* 3-D Secure
* Electronic authentication
* EMV
* FIDO Alliance
* Initiative for Open Authentication
* Reliance authentication
* Self-sovereign identity

