| 1 |
1FA |
User ID & Password |
No |
Very easy and user friendly |
Open Access, Basic Identity |
Multiple |
Multiple |
Simple Login Form |
One Time ID/Password may be guessed/cracked |
| 2 |
|
Use of Biometric Authentication |
No |
Difficult, Biometric devices are not available anywhere |
Social engineering/dictionary |
NO |
NO |
Finger Print Readers |
Online Systems are not matured enough |
| 3 |
|
Use of wearable sensors (ECG, EEG) |
No |
Difficult, Devices are not available anywhere |
Social engineering/dictionary |
NO |
NO |
Medical Gadgets |
Online Systems are not matured enough |
| 4 |
|
Voice signatures |
Yes |
Difficult, Devices are not available anywhere |
Social engineering/dictionary |
Voice Signature Reproduction |
Yes |
Google Voice, Nuance etc. |
Recorded data can be reproduced easily |
| 5 |
2FA |
User ID & Password, Email is used for 2FA |
Yes |
Very easy and user friendly |
User Identification & Mutual Authentication |
Email Spams |
Email may already Compromised |
Financial Transactions |
If email accountis already compromised |
| 6 |
|
User ID & Password, Mobile Phone is used for 2FA |
Yes |
Very easy and user friendly |
User Identification & Mutual Authentication |
Smart Phone Vulnerabilities |
Phone may already Compromised |
Email Services like Gmail |
If Mobile Phone is already compromised |
| 7 |
|
User ID & Password, USB is used for 2FA |
Yes |
Very easy and user friendly |
User Identification & Mutual Authentication |
Smart Phone Vulnerabilities |
Phone may already Compromised |
Gmail USB Dongle based Authentication Services |
What if USB Dongle Got Lost/Cloned |
| 8 |
3FA |
User ID & Password, Email is used for 2FA, Symmetric encryption to avoid spams is incorporated |
Yes |
Easy, but technically depends on user skill level |
User Identification & Mutual Authentication |
Key Compromises |
– |
Custom Build Authentication Frameworks. e.g., WebSeA |
If any of the factor source/services are not available |
| 9 |
|
User ID & Password, Email is used for 2FA, Asymmetric encryption is incorporated |
Yes |
Technically depends on user skill level |
Non-repudiation |
Certificate may Lost |
– |
Custom Build Authentication Frameworks. e.g., WebSeA |
If any of the factor source/services are not available |
| 10 |
3D |
3rd party acts as intermediator |
Yes |
Requires trust among parties |
Non-repudiation |
International laws may not be effective |
|
International joint Ventures like VISA and Master |
A Central DRU (Dispute Resolution Unit) Acts to resolve the issues |
| Additional Authentication Factors (AF) |
| 11 |
4th AF |
Geo Location parameter |
Yes |
Not applicable for indoor activities |
– |
Services may not be available everywhere |
IP Based Location Tracking |
EBSCO Services (SANS Patent) |
IP Cloning/Spoofing etc. |
| 12 |
5th AF |
Voice signatures |
No |
Easy, but technically depends on user skill level |
– |
Recorded data can be reproduced easily |
Sound may vary due to weather and may be reproduced |
Google Voice, Nuance etc |
|
