The Official (ISC)2 SSCP CBK Reference - Mike Wills

Type I: Something You Know

Everyone who has used a modern computer system is familiar with the first type of authentication factor, “something you know.” Common forms of this authentication factor include passwords, passphrases, personal identification numbers (PINs), and security questions. Some systems also ask users to authenticate themselves by confirming recent activity on the system, such as the last three transactions on a bank account. All of these forms assume that human memory and willpower can provide a reasonable degree of protection for the chosen type of “secret knowledge” used as the factor.

Note that the more complex and secure you try to make your Type I factor implementations, the more you risk transforming the factor into something the user has instead, by making the temptation to write it down somewhere too great to pass up. By the same token, a password manager such as LastPass is another device (albeit a software one) being used as the source of the authentication factor, rather than the human being's own memory. That said, current practice treats the use of password or passphrase managers as being part of the Type I authentication factor process and problem set.
