This section expands upon those concepts, pivoting
over to the IP??™s perspective.
?– Perspective: Do Information Cards Demonstrate
Multifactor Authentication?
Organizations can attempt to increase the security (or their con?¬?dence that the
users are who they say they are) by using additional authentication elements??”
referred to as multifactor authentication. This can range from requesting more
information from the user (in hopes that the sum of the answers is something
only the user will know), to requiring the user to provide proof of the possession
of tamper-resistant hardware (like a smartcard), or even provide a piece of biometric
data (a ?¬?ngerprint or retina scan).
It can be argued that Information Cards can be used in a similar fashion to provide
multifactor authentication, and they don??™t require specialized hardware or
drivers to operate. The user is given a managed Information Card (something
you have), and then they are required to use that with their existing authentication
(something you know or have).
When providing a token using CardSpace, the user is asserting possession of the
Information Card. However, it is important to understand the limits to the
strength of this second factor of authentication.
Pages:
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480