Authentication Methods Quiz

Study Notes

Authentication Methods: Directory Services, Federation, Attestation, SMS, Push Notification, Authentication Apps, TOTP, HOTP, Phone Call, Static Codes, Smart Cards, Biometric Factors

Directory services keep all usernames and passwords in a single database, allowing for a large distributed database that is constantly replicated.
Federation provides network access to partners, suppliers, customers, etc. with SSO and allows third parties to establish a trust relationship.
Attestation proves the hardware is really yours, with remote attestation providing an operational report to a verification server.
SMS can be used as a login factor but has security issues such as phone number reassignment and message interception.
Push notification is similar to SMS but with a specialized app, still more secure than SMS but can have vulnerabilities.
Authentication apps use pseudo-random token generators for convenience, with software-based token generators available on phones.
TOTP is a common OTP method used by Google, Facebook, Microsoft, etc. with a time-based one-time password algorithm and a secret key configured ahead of time.
HOTP is a one-time password method using HMAC-based one-time password algorithm and can use hardware or software tokens.
Phone calls can provide the token but have similar disadvantages to SMS.
Static codes are authentication factors that don't change, such as personal identification numbers or passwords.
Smart cards are integrated circuit cards commonly used for credit cards and access control, requiring a physical card and using a digital certificate with multiple factors.
Biometric factors include fingerprint, retinal, iris, voice, facial recognition, gait analysis, and vascular scanners, with different acceptance rates such as false acceptance rate, false rejection rate, and crossover error rate.