Type 2 Authentication: Something a User Has

CISSP

Description: Type 2 authentication involves physical devices that a user possesses, which can be used to authenticate their identity. These devices offer an additional layer of security beyond something a user knows (Type 1).

Examples:

  • Key: A physical key used to unlock doors or access physical locations.
  • Swipe Card/Access Card/Badge: Cards that can be swiped or scanned to grant physical or logical access. Often used in conjunction with a PIN or password for two-factor authentication.
  • Tokens: Devices that generate or store authentication data.

Types of Tokens:

  1. Static Password Token:
    • Description: The user authenticates to the token, and the token then authenticates to the information system. This token typically contains a static password or other credentials that are used repeatedly.
    • Example: Smart cards that contain a static digital certificate or key.
  2. Synchronous (Time-Based) Dynamic Tokens:
    • Description: These tokens generate a dynamic, one-time password (OTP) that changes at regular intervals, typically based on time synchronization between the token and the authentication server.
    • Example: RSA SecurID tokens that display a new OTP every 60 seconds.
  3. Asynchronous (Not Time-Based) Tokens:
    • Description: These tokens generate a dynamic password in response to a challenge from the server. The server sends a nonce (a random value), which the token uses to generate a one-time password. When combined with a PIN, this method provides strong authentication.
    • Example: Tokens that use challenge-response authentication, where the user enters a challenge provided by the system into the token, which then generates a response to be entered back into the system.
  4. Challenge/Response Tokens:
    • Description: These tokens generate a response to a challenge provided by a system or workstation. The challenge may be a random number or a specific request, and the token provides a corresponding response.
    • Types:
      • Synchronous: Relies on timing mechanisms, such as a time-synchronized challenge and response.
      • Asynchronous: Based on a non-timed challenge provided by the server, with the token generating a response to that specific challenge.

Key Concepts:

  • Time Synchronization: Critical for synchronous tokens, where the token and the server must be in sync for the authentication to be successful.
  • Nonce: A random value sent by the server to the token in asynchronous systems, ensuring that each authentication attempt is unique.
  • Strong Authentication: Combining Type 1 (something you know) with Type 2 (something you have) creates a strong authentication mechanism, making it more difficult for attackers to compromise.
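The two dynamic-token mechanisms described above (time-synchronized OTP and nonce-based challenge/response) in working code, as an added example that is not part of the original notes. The synchronous part follows the published HOTP/TOTP algorithms (RFC 4226 / RFC 6238), so its output can be checked against their test vectors; the challenge/response server is a simplified illustration, and the shared secrets, the 16-byte nonce length and the `skew` window are assumptions chosen for the example.

```python
import hashlib
import hmac
import secrets
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
    then "dynamic truncation" down to a short decimal code."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Synchronous token: the moving factor is the current time window, so
    token and server need only a shared secret and reasonably synced clocks."""
    return hotp(secret, int(unix_time) // step, digits)


def verify_totp(secret: bytes, code: str, unix_time: int,
                step: int = 30, skew: int = 1) -> bool:
    """Server-side check. Tolerates a little clock drift by also accepting
    the codes of `skew` windows on either side (assumed policy: +/-1 window)."""
    window = int(unix_time) // step
    return any(
        hmac.compare_digest(hotp(secret, w), code)
        for w in range(window - skew, window + skew + 1)
    )


def token_response(secret: bytes, nonce: bytes) -> str:
    """What the asynchronous token computes when the user keys in the challenge."""
    return hmac.new(secret, nonce, hashlib.sha256).hexdigest()


class ChallengeResponseServer:
    """Issues random nonces and accepts each one exactly once (simplified model)."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.outstanding = set()  # nonces issued but not yet answered

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)  # assumed nonce size for the example
        self.outstanding.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: str) -> bool:
        # A nonce that was never issued, or was already consumed, is rejected;
        # this is what makes a captured response useless for replay.
        if nonce not in self.outstanding:
            return False
        self.outstanding.discard(nonce)
        return hmac.compare_digest(token_response(self.secret, nonce), response)


if __name__ == "__main__":
    # Constructed demo values: the RFC 4226/6238 test secret and a toy seed.
    rfc_secret = b"12345678901234567890"
    print("TOTP at t=59:", totp(rfc_secret, 59))             # 287082 per RFC 6238
    print("accepted one window late:", verify_totp(rfc_secret, "287082", 89))

    server = ChallengeResponseServer(b"example-token-seed")
    nonce = server.challenge()
    answer = token_response(b"example-token-seed", nonce)
    print("first use:", server.verify(nonce, answer))        # True
    print("replayed:", server.verify(nonce, answer))         # False
```

The `skew` parameter is where the time-synchronization concept becomes concrete: a token whose clock has drifted more than one window will be rejected, which is why production systems resynchronize tokens rather than widen the window indefinitely. In the challenge/response path the server's `outstanding` set is the defence against replay: each nonce is consumed on first use, and a combined PIN would be checked separately by the server before the response is even evaluated.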

Type 2 authentication methods enhance security by requiring possession of a physical device, which must be combined with knowledge (e.g., a PIN) to access systems or data.
