|
|
|
|
|
|
by specialist
2997 days ago
|
|
|
Sorry, I wasn't being clear. If the finger print is what you are, and password is what you know, then what is the "what you have"? Mostly I'm curious if that sci-fi books' "three factor auth" scheme (because I don't know what else to call it) is a feasible model. |
|
|
One possible form of "three factor auth" would be to use a passphrase for the private key, the client certificate to connect with the server over TLS, and a username/password login at the application level.
The certificate/certificate fingerprint is what you have, the password and passphrase are two things that you know. I don't know what would fit under the "what you are" category though (unless you're considering some sort of biometric based method).