Grade 11 ITC · Term 4 · Digital Security Textbook
Unit 2 · Protective Measures · Chapter 7

Authentication Factors

Week 3 · Day 1 · Benchmark 11.4.2.2 Apply protective measures including authentication, updates and backups
Essential question

How does a system know you are really you?

Learning objectives
  • Define authentication
  • Describe the three authentication factors
  • Classify common authentication methods by factor

Overview

Authentication is proving that you are the person you claim to be. Every login screen is an authentication challenge. Security experts group all authentication methods into three factors: something you know, something you have, and something you are. Combining factors is much stronger than adding rules to a single one.

Something You Know

Passwords, PINs and security questions. Cheapest to deploy but easiest to steal — through phishing, guessing or shoulder-surfing.

Something You Have

Phone with an authenticator app, hardware key (YubiKey), or bank card. Attackers must physically steal or clone the device.

Something You Are

Biometrics: fingerprint, face, iris, voice. Very convenient, but cannot be changed if leaked.

Activity

Classify the Methods

  1. Take the list of 10 authentication methods (password, fingerprint, OTP, face unlock, PIN, hardware key, voice, retina, USB card, pattern lock).
  2. In pairs, sort each into know / have / are.
  3. Highlight any method that uses more than one factor.
Review questions
  1. Name the three authentication factors.
    Reveal answer

    Something you know, something you have, something you are.

  2. Why is a fingerprint riskier than a password once leaked?
    Reveal answer

    You cannot change your fingerprint.

  3. Give one authentication method for each factor.
    Reveal answer

    Password (know), phone OTP (have), face unlock (are).

Take it home

List every login you used today. Beside each, mark which factor(s) were required.