Multi-factor authentication is an approach implemented in security systems to provide redundancy in security, such as in digital transactions. For example, under the multi-factor authentication scheme, before a transaction (e.g., a login or an electronic purchase) is authorized, a user must correctly produce or demonstrate possession or control of two or more of:
A possession factor, i.e., something the user has;
A knowledge factor, i.e., something the user knows; and
An inherence factor, i.e., something the user is.
Conventional two-factor authentication based on a possession factor and a knowledge factor is one approach that may be taken. For example, this approach is implemented in various financial instruments, such as the use of automatic teller machine (ATM) cards at a point of sale (POS), where a user must possess the ATM card and know the correct personal identification number (PIN) associated with the ATM card in order to gain access. As another example, with security token password managers, such as RSA Security's SecurID token, a user provides a numeric sequence generated and displayed by the token and a password or PIN from the user's memory in order to gain access to an electronic system.
While conventional two-factor authentication systems do provide a high level of security, entering the required credentials is inconvenient (e.g., tedious and/or time consuming). Even if the presentation of the possession factor (i.e., “something you have”) is automated, e.g., with a swipe of a magnetic strip or the USB connection of a security token, the requirement of regular presentation of the knowledge factor (i.e., “something you know”) can be frustrating for a user.
The figures depict various embodiments for purposes of illustration only. One skilled in the art will readily recognize from the following discussion that alternative embodiments of the structures and methods illustrated herein may be employed without departing from the principles described herein.