[CCCure CISSP] Two factor vs. Biometrics

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

[CCCure CISSP] Two factor vs. Biometrics

Greenlee, Arthur C CTR
All,
        I came across a unique CCCure question (#1996) in my studies and I wanted to get your thoughts.

Here is the question with the associated choices:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The best technique to authenticate to a system is to:

>Establish biometric access through a secured server or Web site.
>Ensure the person is authenticated by something he knows and something he has.
>Maintain correct and accurate ACLs (access control lists) to allow access to applications.
>Allow access only through user ID and password.

The correct answer is: Ensure the person is authenticated by something he knows and something he has.

The reasoning given for why the biometrics choice was not correct was because:

"This is a single factor authentication and it could be weaker than two factors, in most cases it is."
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I have been under the impression that biometrics has always trumped any other type(s) of authentication. Is that a bad assumption on my part?

Thanks,
Art

_______________________________________________
You can find the list archive at:
http://cissp-study.3965.n7.nabble.com/

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your accout visit the link below:
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
Reply | Threaded
Open this post in threaded view
|

Re: [CCCure CISSP] Two factor vs. Biometrics

Leif Palmer
Hi Art,
 
Don't go deeper than the answer indicates. The biometric answer is but a "single factor" that is being used. It simply states biometric (1 factor only) being used with a secure server. A secure server is NOT an authenticating means.
 
Whereas the correct answer indicates 2 of the three factors that are "preferred" when using multi-factor authentication. In this case, something the user knows and has.
 
Hope this helps. Good luck!
 
Respectfully,

Leif Palmer

From: "Greenlee, Arthur C CTR" <[hidden email]>
To: [hidden email]
Sent: Friday, March 1, 2013 1:29 PM
Subject: [CCCure CISSP] Two factor vs. Biometrics

All,
    I came across a unique CCCure question (#1996) in my studies and I wanted to get your thoughts.

Here is the question with the associated choices:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The best technique to authenticate to a system is to:

>Establish biometric access through a secured server or Web site.
>Ensure the person is authenticated by something he knows and something he has.
>Maintain correct and accurate ACLs (access control lists) to allow access to applications.
>Allow access only through user ID and password.

The correct answer is: Ensure the person is authenticated by something he knows and something he has.

The reasoning given for why the biometrics choice was not correct was because:

"This is a single factor authentication and it could be weaker than two factors, in most cases it is."
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I have been under the impression that biometrics has always trumped any other type(s) of authentication. Is that a bad assumption on my part?

Thanks,
Art

_______________________________________________
You can find the list archive at:
http://cissp-study.3965.n7.nabble.com/

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your accout visit the link below:
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org



_______________________________________________
You can find the list archive at:
http://cissp-study.3965.n7.nabble.com/

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your accout visit the link below:
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org