Skip to main content
Log in

Three-Factor Authentication

  • Reference work entry

Definition

The use of three factors to identify, i.e., authenticate, a user. The three factors are: something the user knows (e.g., password), something the user has (e.g., token), and something the user is (e.g., biometric).

Background

The Computer Security Guidelines for Implementing the Privacy Act of 1974 (FIPS PUB 41) was the first to mention the characterization of the three factors of authentication. Carlton et al. discussed the strengths and weaknesses of these factors in detail. The authors divided the tests to authenticate a user to: (1) things that the user knows, (2) things that the user has, (3) and things that the user is.

Applications

Passwords are the most common example of the first type of authentication factors. A password is a secret information that only the authorized person knows. A password can also include a...

AltStyle によって変換されたページ (->オリジナル) /

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+
from 17,985円 /Month
  • Starting from 10 chapters or articles per month
  • Access and download chapters and articles from more than 300k books and 2,500 journals
  • Cancel anytime
View plans

Buy Now

Chapter
JPY 3498
Price includes VAT (Japan)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
JPY 100099
Price includes VAT (Japan)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Recommended Reading

  1. Burr WE, Dodson DF, Timothy Polk W (2006) Electronic authentication guideline. NIST Special Publication 800–863, National Institute of Standards and Technology, Gaithersburg, USA

  2. Carlton SF, Taylor JW, Wyszynski JL (1988) Alternate authentication mechanisms. In: Proceedings of the eleventh national computer security conference, Baltimore, MD, pp 333–338

  3. Cope BJB (1990) Biometric systems of access control. Electrotechnology 18(2):71–74

  4. England DM (1988) Zodiac: personal identification by signature. Computer Bulletin 4:33–34

  5. Farrow R (1991) UNIX system security. Addison-Wesley, Reading, MA

  6. Lobel J (1986) Foiling the system breakers: computer security and access control. McGraw-Hill, New York

  7. Luby M, Racko C (1989) A study of password security. J Cryptol 1(3):151–158

  8. Norman ARD (1983) Computer insecurity. Chapman and Hall, London

  9. Rankl W, Effing W (2010) Smart card handbook, 4th edn. Wiley, Chichester, UK

  10. Smith RE (2002) Authentication: from passwords to public keys. Addison-Wesley, Reading, MA

  11. Spaord EH, Weeber SA (1991) User authentication and related topics: an annotated bibliography. Technical report CSD–TR–91–086, Purdue University

  12. Vielhauer C (2006) Biometric user authentication for IT security: from fundamentals to handwriting, vol 18 of Advances in information security, chapter 4. Springer, New York, pp 77–115

Download references

Author information

Authors and Affiliations

  1. Damballa Inc., Atlanta, GA, USA

    Saeed Abu-Nimeh Dr.

Authors
  1. Saeed Abu-Nimeh Dr.

Editor information

Editors and Affiliations

  1. Department of Mathematics and Computing Science, Eindhoven University of Technology, 5600 MB, Eindhoven, The Netherlands

    Henk C. A. van Tilborg

  2. Center for Secure Information Systems, George Mason University, Fairfax, VA, 22030-4422, USA

    Sushil Jajodia

About this entry

Cite this entry

Abu-Nimeh, S. (2011). Three-Factor Authentication. In: van Tilborg, H.C.A., Jajodia, S. (eds) Encyclopedia of Cryptography and Security. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-5906-5_793

Download citation

Publish with us

Policies and ethics