If you’re planning on taking the Security+ exam, you should have a basic understanding of authentication factors such as something you are which is the strongest individual method of authentication.
For example, can you answer this question?
Q. Which type of authentication is a fingerprint scan?
A. Something you have
B. Biometric
C. PAP
D. One-time password
More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation is available at the end of this post.
The something you are authentication factor uses biometrics for authentication. Biometric methods are the strongest form of authentication because they are the most difficult for an attacker to falsify. In comparison, passwords are the weakest form of authentication.
Biometric Methods
Biometrics use a physical characteristic, such as a fingerprint, for authentication. Biometric systems use a two-step process. In the first step, users register with the authentication system. For example, an authentication system first captures a user’s fingerprint and associates it with the user’s identity. Later, when users want to access the system, they use their fingerprints to prove their identity. There are multiple types of biometrics, including:
- Fingerprint and thumbprint. Law enforcement agencies have used these for decades. Many laptop computers include fingerprint scanners or fingerprint readers, and they have also begun to appear on tablet devices and smartphones. Similarly, some USB flash drives include a fingerprint scanner. They can store multiple fingerprints of three or four people to share access to the same USB drive.
- Handprint. These are similar to fingerprints, but the scanners look at the whole hand. Many amusement parks sell annual passes, but they don’t want these passes shared with everyone in the neighborhood. They use biometric hand scanners to authenticate individuals as the actual owner of a pass. If someone else tries to use the pass, the scan fails.
- Palm. Palm scanners identify individuals using infrared scanners and a palm-vein pattern recognition system. A great benefit of palm scanners is that you do not need to touch the scanner, eliminating a concern with many other types of scanners. Many businesses outside of the United States are using palm scanners in businesses and fast-food restaurants. Within the United States, many hospitals have begun to use them. Vendors claim that palm-scanning systems are as much as 100 times more accurate than fingerprint-scanning systems.
- Retina. Retina scanners scan the retina of one or both eyes and use the pattern of blood vessels at the back of the eye for recognition. Some people object to the use of these scanners for authentication because they can identify medical issues, and because you typically need to have physical contact with the scanner.
- Iris. Iris scanners use camera technologies to capture the patterns of the iris around the pupil for recognition. They are used in many passport-free border crossings around the world. They can take pictures from about 3 to 10 inches away, avoiding physical contact.
Each of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action. You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important. Over 300 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes: Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it. If you plan to pursue any of the advanced security certifications, this guide will also help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead for other exams. This SY0-601 study guide is for any IT or security professional interested in advancing in their field, and a must-read for anyone striving to master the basics of IT security.The 601 Version of the Study Guide
The CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide is an update to the top-selling SY0-201, SY0-301, SY0-401, and SY0-501 study guides, which have helped thousands of readers pass the exam the first time they took it. It includes the same elements readers raved about in the previous four versions.
Although the use of DNA is possible in the future for authentication, it’s unlikely it’ll be used in the near term. Besides the lack of ability to identify DNA in a timely manner, most users will likely balk at having to prick their fingers to provide a blood sample to authenticate to a computer.
Remember this
The third factor of authentication (something you are, defined with biometrics) is the strongest individual method of authentication because it is the most difficult for an attacker to falsify. Biometric methods include fingerprints, retina scans, and palm scanners.
You might like to take a look at these other blog posts on authentication:
Q. Which type of authentication is a fingerprint scan?
A. Something you have
B. Biometric
C. PAP
D. One-time password
Answer is B. A fingerprint scan is a biometric method of authentication in the something you are factor of authentication.
The something you have factor of authentication refers to something you can hold, such as a hardware token for a one-time password.
Password Authentication Protocol (PAP) is an authentication method that sends passwords across the network in cleartext.
