...
AuthN Type Number | Authentication Factor | Resistance to Threat | ||||
---|---|---|---|---|---|---|
Theft (Phishing, etc.) | Theft via Dynamic MITM Phishing | Guessing / Offline Cracking | MFA Device Compromise | User Workstation Compromise | ||
1 | Password | Low | Low | Depends | n/a | Low |
2 | Phone call - See Voice Requirements 1 | Low | Low | High | Low | High |
3 | Phone call (VoIP) - See Additional VoIP Restrictions 2 | Low | Low | Medium | Low | High |
4 | SMS | Low | Low | High | Low | High |
5 | SMS (VoIP) See VoIP restrictions 2 | Low | Low | Medium | Low | High |
6 | HOTP cell phone software 1,3 | Medium | Low | High | Medium | High |
7 | TOTP cell phone software 1,3 | Medium | Low | High | Medium | High |
8 | HOTP token | Medium | Low | High | High | High |
9 | TOTP token | Medium | Low | High | High | High |
10 | HOTP written (back up codes) | Low | Low | High | High | Low |
11 | DUO Push | High | Low | High | Medium | High |
12 | FIDO U2F token with password | High | High | High | High | High |
13 | PKI device certificate with device password | High | High | High | High | Medium |
14 | PKI token certificate wth token password | High | High | High | High | High |
...