Shibboleth (computer security)
In the field of computer security, a shibboleth is a test whose response determines a particular course of action. The most commonly seen usage is logging on to a computer with a password or other type of credential. If the password is entered correctly, the user can log on to the computer; if the password entered is incorrect, access is blocked.
There are various classes of computer security-related shibboleths.
- Class 1: Something known; perhaps a password or another fact.
- Class 2: Something held; a card or a physical tag of some kind.
- Class 3: Something that is; a biometric feature such as a fingerprint or an iris scan.
The three classes are also jokingly referred to as "something you forget", "something you lose", and "something you cease to be".
In general, it is considered more secure to combine various classes of shibboleth than to require only a class 1 shibboleth, the approach that is common today (see defense in depth). For example, a high-security system might require an authorized user to log in by entering a password, swiping an encoded card and passing a biometric test.
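The sketch below is an added example, not part of the original article: a login check that grants access only when a class 1 shibboleth (a password) and a class 2 shibboleth (a one-time code from a held token) both pass. It assumes an RFC 4226 HOTP token stands in for the "something held"; the function names, the account record and the policy set are hypothetical, and class 3 (biometrics) is left out.

```python
import hashlib
import hmac
import struct

def hash_password(password: str, salt: bytes) -> bytes:
    # Class 1 (something known): store a slow salted hash, never the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    # Class 2 (something held): RFC 4226 one-time code from the token's secret.
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def make_user() -> dict:
    # Constructed sample account; every value here is illustrative.
    salt = b"constructed-salt"
    return {"salt": salt,
            "pw_hash": hash_password("correct horse", salt),
            "token_secret": b"12345678901234567890",  # RFC 4226 test secret
            "counter": 0}

REQUIRED_CLASSES = {1, 2}  # assumed policy: one proof from each class

def login(user: dict, password: str, code: str) -> bool:
    passed = set()
    # Evaluate every factor so a failure does not reveal which one was wrong.
    if hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"]):
        passed.add(1)
    expected = hotp(user["token_secret"], user["counter"])
    if hmac.compare_digest(expected.encode(), code.encode()):
        passed.add(2)
        user["counter"] += 1  # a code is accepted once, then the counter moves on
    return REQUIRED_CLASSES <= passed

if __name__ == "__main__":
    account = make_user()
    print(login(account, "correct horse", "000000"))  # password alone
    print(login(account, "correct horse", "755224"))  # both classes
    print(login(account, "correct horse", "755224"))  # replayed code
```

Run directly, the three calls show that a correct password alone is refused, that both classes together are accepted, and that a replayed token code is refused even with the correct password.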