Authentication method | Advantages | Disadvantages | |
---|---|---|---|
Knowledge-based authentication [22] | Static knowledge-based authentication | No need for hardware Low implementation cost High user convenience | Less secure than the other authentication methods Vulnerable to various attacks, such as shoulder surfing attacks and smudge attacks |
Dynamic knowledge-based authentication | Better security than the static knowledge-based authentication Questions and answers based on the user’s personal information; no need to set password | Users must memorize their own records because they will not know the questions in advance Malicious users can access via the exposed personal information of other users | |
Possession-based authentication [23] | Hardware type | Better security than the knowledge-based authentication method | Users must possess separate hardware, such as a One Time Password (OTP) terminal If the terminal is lost, it can lead to security threats |
Software type | Better security than the knowledge-based authentication method Higher portability and convenience compared to the hardware type of possession-based authentication | High risk of leakage because it is stored in a logical storage medium | |
Inherence-based authentication [22] (Biometric-based authentication) | Based on the user’s physical characteristics | Authentication based on various parts of the user’s body, such as face recognition, iris recognition, fingerprint recognition, vein recognition, and heart rate and ECG recognition High security High convenience | Difficult to implement and manage High cost Data loss due to physical recognition error |
Based on the user’s physical behaviors | Authentication based on the recognition of the user’s behaviors, including voice, typing rhythm, signature pattern, signature pressure, and user motion High security High convenience | Difficult to implement and manage High cost Vulnerable to a recorded voice Difficult to set the recognition tolerance range | |
Multi-factor authentication [22] | Higher security compared to single-factor authentication Reduced masquerade threat | Vulnerable to man-in-the-middle attacks Difficult to implement and manage High cost |