al knows to establish identity. Examples of such knowledge include: PIN, password, mother's maiden name, or birthplace. Knowledge systems are easy to use and relatively inexpensive to implement. In addition, since users typically control the knowledge required to access the facility or equipment, there is a high level of user compliance. However, in order to be secure, knowledge systems rely on the willingness and ability of users to keep the knowledge confidential. Passwords and PINs can be stolen using trial and error. Many users are careless enough to write PIN codes on ATM cards or place post-its with passwords inside their laptops. In some cases, knowledge-based authentication codes can be stolen through simple observation (Speir 1).
In addition, even though this type of system is inexpensive to implement it is expensive to maintain. Passwords and PINs must be changed on a regular basis in order to maintain a level of security; an administrator is required to devote time to maintenance to the knowledge base. Security authenti
...