Multi-factor authentication is a method of confirming a user's identity only after successfully presenting two or more factors to an authentication mechanism. The factors may include: knowledge, something the user and only the user knows; possession, something the user and only the user has; and inherence, something the user and only the user is. Two-factor authentication is one type of multi-factor authentication. It is a method of confirming a user's claimed identity by utilizing a combination of two factors. For example, a two factor authentication may be required for withdrawing money from an automated teller machine: only the correct combination of a bank card, something that the user possesses, and a personal identification number, something that the user knows, allows the automated teller transaction to be carried out.
As something inherent to the user, biometric factors are being increasingly used as one factor in a multi-factor authentication process because biometrics cannot easily be replicated or stolen by a third party. Physical attributes like voice, smell, fingerprints, heartbeats, facial recognition, hand geometry, and retina scanning are examples of currently used biometric factors. These factors, however, require obtrusive methodologies to be successfully used as one factor in a multi-factor authentication. For example, fingerprints and retina scans require a user to take time and effort to supply their finger or eye to an authentication mechanism. Because individuals come in a wide variety of sizes, supplying a finger or head to the authentication mechanism can be inconvenient. There is currently a need for less obtrusive biometric factors to use in multi-factor authentication processes.