Basic factors:
something you know: e.g. password
something you have: e.g. physical ID
something you are: e.g. biometric
Implicit factors: where you are (physical or logical location)
Multiple factors: two-factor authentication: e.g. ID & password (e.g. ATM)
Passwords: previously communicated shared secret
reusable passwords: most widely used authentication. Simple to use & implement. Needs to be easy to remember but hard to guess.
cracking: trying all combos or dictionary attack
snooping: sniffing on network
one-time passwords: HW device synchronized with server generates passwords for each use
challenge-response password: questions or cryptographic
Biometrics: fingerprint, retina, iris, face, etc.
Direct attacks: guessing & cracking
Indirect attacks: snooping, capture & replay, session hijacking.