Computer systems typically “authenticate” users prior to allowing access. For example, a desktop computer may authenticate a user with a username and password. When the user provides the correct username and password, the user is “authenticated” and is allowed access to computer resources.
Authentication remains a persistent technical problem in the information technology industry. With the proliferation of untrusted applications and untrusted networks, and the increasing use of the Internet for business functions, the authentication issues have become prominent. Authentication refers to a process by which a user makes his or her identity known to a system or application which the user is attempting to access, and occasionally, also the process by which the user verifies the identity of the system being accessed. A common authentication technique involves the use of a shared username and password combination. This style of authentication is vulnerable to a number of Weaknesses. For example, passwords must be made long enough to be secure while being short enough to be memorable. Additionally, the loss of the password is sufficient to allow an attacker to gain access to the system by impersonating the user. Therefore, additional authentication techniques would find utility.
“Multifactor authentication” generally refers to a security authentication system in which more than one form of authentication is used to validate the identity of a user. For example, a webpage which asks a user to remit a single user name/password combination may be considered a “single-factor” authentication system since it requests a single datum-a username/password combination-in order to validate a user's identity. The webpage may add additional procedures, such as sending a confirmation email to the user's verified email address or matching security code(s) or user device id using Near Field Communication (NFC) tag enabled devices, in order to add additional levels of user authentication, thereby implementing a “multifactor authentication” system for the webpage as well as any computing system.