Various systems and networks require authenticating a user's identity for allowing the user access to systems, applications, and resources. For example, when a user logs onto a computing device or attempts to log into a network, the user may be prompted to provide information or identification, which is compared to information stored in a database of authorized users' information on the device or at an authentication server. If the information matches, the user is authenticated and granted authorization for access.
The information that the user provides can include one or more pieces of information that can be of one or multiple factor types. For example authentication factor types may include a knowledge factor (e.g., password, personal identification number (PIN), secret question), a possession factor (e.g., based on an item that a user has in his/her possession, such as a security token or device used in conjunction with a software token), an inherence factor (e.g., user's voice, hand configuration, heart rhythm, fingerprint, retina scan), a location factor, or a time factor.
To increase security, a system may require two-factor authentication, which requires the presentation of two authentication factors, three-factor authentication, which requires the presentation of each of the three authentication types, four-factor authentication, or five-factor authentication.
As can be appreciated, entry of a knowledge factor, such as a password can be cumbersome, particularly on certain types of devices. For example, on a gaming device where a user interacts with the device using a game controller, or on a wearable device, such as watch, where a keyboard nor a soft keyboard are provided, entry of a password can be complicated. Additionally, passwords are increasingly easy to compromise (e.g., stolen, guessed, shared, hacked), and can be challenging to remember.
Accordingly, many systems are increasingly using possession factor authentication, where a secondary device that is linked to a user is utilized for authenticating the user on a first device. To authenticate a user on a device using a secondary device, the two devices need to be associated with each other. Typically, associating a device with the secondary device is accomplished by manually pairing the two devices or manually pairing the device with an account associated with the secondary device. For example, one device may display a matrix barcode (e.g., QR code). On the other device, the user may capture an image of the matrix barcode, which would then link the two devices so authentication can be completed.