Something you know (Username/Password) | 100% Accurate (similar to our existing Intranet system) |
Something you have (Device) | 100% Accurate (once a device is registered, other users cannot use the registered device on the owner's behalf) |
Something you are (Face verification) | 98% Accurate (two persons who are twins cannot be differentiated) |
Somewhere you are (Location) | 100% Accurate (employees who are outside the desired area, including a location outside the technology park, not on the desired floor of the desired building, or connecting through VPN) |
Average time used to check in | Less than two seconds |
Attempt for spoofing | An attempt at spoofing is possible, and it depends on the security strength of each factor. In our experiment, MAC spoofing can be done in general, as mentioned earlier. However, the hacker does not know the target's MAC unless it is willingly given by the targeted user. Even then, the hacker still needs to acquire the target's identity for the other factors, and has to borrow the target's device. In this BYOD scenario, people today feel reluctant to lend their own mobile device, even for a short time. |