
Strong authentication is a notion with several definitions.


Strong (customer) authentication definitions

Strong authentication is often confused with two-factor authentication (more generally known as multi-factor authentication), but strong authentication is not necessarily multi-factor authentication. Soliciting multiple answers to challenge questions may be considered strong authentication but, unless the process also retrieves 'something you have' or 'something you are', it would not be considered multi-factor authentication. The FFIEC issued supplemental guidance on this subject in August 2006, in which they clarified, "By definition true multifactor authentication requires the use of solutions from two or more of the three categories of factors. Using multiple solutions from the same category ... would not constitute multifactor authentication."

Another commonly found class of definitions relates to a cryptographic process, or more precisely, authentication based on a challenge–response protocol. This type of definition is found in the Handbook of Applied Cryptography. This type of definition does not necessarily relate to two-factor authentication, since the secret key used in a challenge–response authentication scheme can be simply derived from a password (one factor).

A third class of definitions says that strong authentication is any form of authentication in which the verification is accomplished without the transmission of a password. This is the case for example with the definition found in the Fermilab documentation.

The fourth class, which has legal standing within the European Economic Area, is Strong Customer Authentication.

The Fast IDentity Online (FIDO) Alliance has been striving to establish technical specifications for strong authentication and has 250 members and over 150 certified products. Thus, the term ''strong authentication'' can be used as long as the notion ''strong'' is defined in the context of use.
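The second and third classes of definition above can be seen side by side in a short sketch. This is an added example, not taken from the original article: a challenge–response login whose key is derived from a password, so nothing but a salt, a nonce and an HMAC crosses the wire, yet only one factor is involved. The names `Verifier`, `respond`, `run_exchange` and the PBKDF2 iteration count are assumptions made for illustration.

```python
import hashlib, hmac, secrets

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch

def derive_key(password: str, salt: bytes) -> bytes:
    # The only secret is the password: one factor ("something you know").
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class Verifier:
    """Server side (hypothetical): keeps salt and derived key per user."""
    def __init__(self):
        self.accounts = {}   # user -> (salt, key)
        self.pending = {}    # user -> outstanding nonce

    def enroll(self, user: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        # Caveat: the stored key is password-equivalent and must be protected like one.
        self.accounts[user] = (salt, derive_key(password, salt))

    def challenge(self, user: str):
        salt = self.accounts[user][0]
        nonce = secrets.token_bytes(32)   # fresh per attempt
        self.pending[user] = nonce
        return salt, nonce

    def verify(self, user: str, response: bytes) -> bool:
        nonce = self.pending.pop(user, None)  # single use, so a replay fails
        if nonce is None:
            return False
        key = self.accounts[user][1]
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def respond(password, salt, nonce) -> bytes:
    """Client side: proves knowledge of the password without sending it."""
    return hmac.new(derive_key(password, salt), nonce, hashlib.sha256).digest()

def run_exchange(verifier, user, password):
    salt, nonce = verifier.challenge(user)          # server -> client
    response = respond(password, salt, nonce)       # client -> server
    wire = [salt, nonce, response]                  # everything that was transmitted
    return verifier.verify(user, response), wire, response

if __name__ == "__main__":
    v = Verifier()
    v.enroll("alice", "correct horse battery staple")  # constructed sample
    ok, wire, _ = run_exchange(v, "alice", "correct horse battery staple")
    print("authenticated:", ok)
    print("password on the wire:", any(b"correct horse" in m for m in wire))
```

The exchange satisfies the challenge–response and no-password-transmitted definitions, but under the FFIEC wording quoted above it is still single-factor, because the key comes from one category only.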


See also

* 3-D Secure
* Electronic authentication
* EMV
* FIDO Alliance
* Initiative for Open Authentication
* Reliance authentication
* Self-sovereign identity

