On redundancy: “two is one, one is none”. It’s best to have copies of critical things in case they break or go missing, e.g. an extra cell phone.
On authentication: “something you know, have, and are”. These are three categories of ways you can authenticate yourself.
Something you know: password, PIN
Something you have: key, phone with 2FA keys, YubiKey
Something you are: fingerprint, facial scan, retina scan
On backups: the “3-2-1” strategy.
Maintain 3 copies of your data:
2 on-site but on different media (e.g. on your laptop and on an external drive) and
1 off-site (e.g. in the cloud).
Inspired by these concepts, I propose the “2/3” model for authentication:
Maintain at least three ways you can access a system (something you have, know, and are). If you can authenticate yourself using at least 2 out of the 3 ways, you’re allowed to access the system.
This guards against both false positives (an attacker who compromises one factor still gets nothing; at least two independent factors must be breached) and false negatives (losing or forgetting one factor does not lock you out, since you don’t have to prove yourself with all three). It provides redundancy on both fronts.
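As an added illustration (not code from the original post), the 2-of-3 rule written as a small policy check. It assumes each factor’s own verifier has already run and reported a result, and it counts only distinct categories, so a password plus a PIN is still just one category, not two:

```python
from dataclasses import dataclass
from enum import Enum
from typing import Iterable


class Factor(Enum):
    KNOW = "something you know"   # password, PIN
    HAVE = "something you have"   # phone with 2FA keys, YubiKey
    ARE = "something you are"     # fingerprint, facial scan, retina scan


@dataclass(frozen=True)
class Proof:
    """One attempted factor and whether its own verifier accepted it (assumed run elsewhere)."""
    factor: Factor
    name: str
    verified: bool


def categories_proven(proofs: Iterable[Proof]) -> set[Factor]:
    """Distinct categories with at least one successfully verified factor."""
    return {p.factor for p in proofs if p.verified}


def authorize(proofs: Iterable[Proof], threshold: int = 2) -> bool:
    """Grant access iff at least `threshold` distinct categories are proven (2 of 3 by default)."""
    return len(categories_proven(proofs)) >= threshold


# Constructed scenarios (hypothetical users, not real data).
SCENARIOS = {
    # Phone lost, but password and YubiKey still work: no false negative.
    "phone_lost": [Proof(Factor.KNOW, "password", True),
                   Proof(Factor.HAVE, "yubikey", True)],
    # Password and PIN are both "something you know": only one category.
    "two_secrets": [Proof(Factor.KNOW, "password", True),
                    Proof(Factor.KNOW, "pin", True)],
    # Leaked password alone: no false positive.
    "password_only": [Proof(Factor.KNOW, "password", True)],
    # Password forgotten; fingerprint and phone cover two categories.
    "forgot_password": [Proof(Factor.KNOW, "password", False),
                        Proof(Factor.ARE, "fingerprint", True),
                        Proof(Factor.HAVE, "phone_totp", True)],
}


def evaluate_scenarios() -> dict[str, bool]:
    """Apply the 2-of-3 policy to every constructed scenario."""
    return {name: authorize(proofs) for name, proofs in SCENARIOS.items()}


if __name__ == "__main__":
    for name, granted in evaluate_scenarios().items():
        print(f"{name:16} -> {'granted' if granted else 'denied'}")
```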
Edit: I’ve expanded this into a full post.