Kolnos Systems, Inc.

Comparing Eagleye to Multi-Factor Authentication

Before making the comparison, multi-factor authentication must be defined.

Multi-Factor Authentication

The basic authentication factors are generally classified into three categories:

  • Something the user knows (e.g., a password, a pass phrase or a personal identification number (PIN))
  • Something the user has (e.g., ID card, security token, software token or cell phone)
  • Something the user is (e.g., fingerprint or retinal pattern)

The traditional authentication technique utilizing a user ID and secret password is typically considered weak authentication.

Employing more than one type of authentication factor constitutes multi-factor authentication.
Common implementations of two-factor authentication (T-FA) use 'something you know' (a password) as one of the two factors, and use either 'something you have' (a physical device) or 'something you are' (a biometric such as a fingerprint) as the other factor. A common example of T-FA is a bank card (credit card, debit card); the card itself is the physical "something you have" item, and the personal identification number (PIN) is the "something you know" password that goes with it.

According to proponents, T-FA could drastically reduce the incidence of online identity theft, and other online fraud, because the victim's password would no longer be enough to give a thief access to their information. However, T-FA is still vulnerable to trojan and man-in-the-middle attacks.

Strong authentication

The U.S. Government's National Information Assurance Glossary defines strong authentication as:
  Layered authentication approach relying on two or more authenticators to establish the identity of an originator or receiver of information.

Eagleye vs. Multi-Factor Authentication

The first (and perhaps foremost) difference is that Multi-Factor Authentication (M-FA) is just that: authentication. While Eagleye can be used for authentication, it's most beneficial as a continuous identity verification tool.

Authentication typically occurs once per session, to grant access to an area. This typically creates a single point of failure: once access is granted, the user has free rein over the area (regardless of whether the credentials were fraudulently obtained).

This is the area of security that Eagleye addresses: post-authentication identity verification. With identity theft so prevalent, along with the anonymity of the Internet, the authentication stage cannot be fully trusted. Additional security layers must be employed for proper protection.

True Two-Factor Authentication (T-FA) is not a viable solution for secure websites because it typically entails additional resources for each user (smart card, biometric scanner, etc.). Worse, T-FA is still subject to trojans, key loggers, and man-in-the-middle attacks (as evidenced by a phishing attack against Citibank).

Internationally renowned security technologist and author Bruce Schneier reported on two-factor authentication, saying, "[Two-factor authentication] works for local login, and it works within some corporate networks. But it won't work for remote authentication over the Internet. ... Early adopters of this technology may very well experience a significant drop in fraud for a while as attackers move to easier targets, but in the end there will be a negligible drop in the amount of fraud and identity theft."

Copyright © 2006-2010 Kolnos Systems, Inc.  All rights reserved.