Question

How to simply, yet securely authenticate physical users of cloud-based applications?

Context

Authentication of humans by machines is a problem of balancing usability and security. The combination of the three traditional factors, something the user knows (a secret password), something the user has (a physical possession) and something the user is (a unique biometric trait), provides a high level of security, but each factor imposes a different burden on the user. Passwords have been the main authentication factor throughout the history of computing, and there is a large body of knowledge pointing out the deficiencies in how users treat passwords. Physical tokens are often used as a second authentication factor.

Solution

While presenting all three authentication factors at the same time remains the most secure option, this level of security is often not required in typical cloud application scenarios. To mitigate the vulnerabilities associated with passwords, multi-factor systems often define authentication levels based on the access scenario, the sensitivity level and the associated risk of the operation the user wishes to perform. For example, in a banking application a user may authenticate with a fingerprint on their mobile device (two factors) to view their accounts, but a large money transfer may require the additional input of a password or PIN.
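The step-up scheme described above, as an added illustrative example that is not part of the original page: a session records which factors the user has presented and when, each operation maps to the factor set it requires (for transfers, depending on the amount), and the decision is either to allow the operation or to ask for the factors still missing. The operation names, the transfer threshold, the five-minute freshness window and the `authorize` function are assumptions made for this example.

```python
"""Risk-based step-up authentication decision (illustrative example)."""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, FrozenSet, List, Optional, Tuple


class Factor(Enum):
    KNOWLEDGE = "knowledge"    # password or PIN
    POSSESSION = "possession"  # registered phone, hardware token
    INHERENCE = "inherence"    # fingerprint, face


@dataclass(frozen=True)
class Rule:
    """Factors required for an operation whose amount is <= max_amount (None = no cap)."""
    required: FrozenSet[Factor]
    max_amount: Optional[float] = None


# Constructed policy mirroring the banking scenario: viewing accounts needs the
# mobile device plus a fingerprint; a transfer above the threshold additionally
# needs a knowledge factor (password or PIN). Threshold is assumed, not from the page.
TRANSFER_LIMIT = 1000.0
POLICY: Dict[str, List[Rule]] = {
    "view_accounts": [Rule(frozenset({Factor.POSSESSION, Factor.INHERENCE}))],
    "transfer": [
        Rule(frozenset({Factor.POSSESSION, Factor.INHERENCE}), max_amount=TRANSFER_LIMIT),
        Rule(frozenset({Factor.POSSESSION, Factor.INHERENCE, Factor.KNOWLEDGE})),
    ],
}

# Assumed freshness window: a factor verified longer ago than this no longer counts
# and must be presented again, so an old login cannot carry a sensitive operation.
MAX_FACTOR_AGE_SECONDS = 300.0


@dataclass
class Session:
    # factor -> Unix time at which the user last successfully presented it
    verified: Dict[Factor, float]


def applicable_rule(operation: str, amount: float) -> Rule:
    """Pick the first rule whose cap covers the amount; unknown operations are denied."""
    rules = POLICY.get(operation)
    if not rules:
        raise PermissionError(f"no policy for operation {operation!r}")
    for rule in rules:
        if rule.max_amount is None or amount <= rule.max_amount:
            return rule
    raise PermissionError(f"no rule for {operation!r} covers amount {amount}")


def fresh_factors(session: Session, now: float) -> FrozenSet[Factor]:
    """Factors presented recently enough to count toward the requested operation."""
    return frozenset(
        factor for factor, verified_at in session.verified.items()
        if now - verified_at <= MAX_FACTOR_AGE_SECONDS
    )


def authorize(session: Session, operation: str, amount: float = 0.0,
              now: float = 0.0) -> Tuple[str, FrozenSet[Factor]]:
    """Return ("allow", empty set) or ("step_up", factors the user must still present)."""
    rule = applicable_rule(operation, amount)
    missing = rule.required - fresh_factors(session, now)
    if missing:
        return "step_up", missing
    return "allow", frozenset()


if __name__ == "__main__":
    # Constructed walk-through: device + fingerprint presented at t=1000.
    s = Session(verified={Factor.POSSESSION: 1000.0, Factor.INHERENCE: 1000.0})
    print("view:", authorize(s, "view_accounts", now=1100.0))
    print("small transfer:", authorize(s, "transfer", amount=250.0, now=1100.0))
    print("large transfer:", authorize(s, "transfer", amount=5000.0, now=1100.0))
    s.verified[Factor.KNOWLEDGE] = 1150.0  # user enters PIN when prompted
    print("large transfer after PIN:", authorize(s, "transfer", amount=5000.0, now=1160.0))
```

The decision returns the missing factors rather than a bare deny, so the application can prompt for exactly the step-up it needs; the freshness window is what distinguishes step-up from a one-time login, since a factor presented long ago should not satisfy a high-risk operation.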

References

Azure multi-factor authentication - docs.microsoft.com
AWS multi-factor authentication - aws.amazon.com
What is multi-factor authentication - en.wikipedia.org
