Shibboleth (computer security)

From Wikipedia, the free encyclopedia

Within the field of computer security, the word shibboleth is sometimes used with a different meaning than the usual meaning of verbal, linguistic differentiation. The general concept of a shibboleth is to test something and, based on the response, to take a particular course of action. This principle is frequently used in computer security. The most commonly seen usage is logging on to a computer with a password. If the password is entered correctly, the user can log on to the computer; if the password entered is incorrect, access is blocked.

There are various classes of computer security-related shibboleth.

  • Class 1: Something known; perhaps a password or another fact.
  • Class 2: Something held; a card or a physical tag of some kind.
  • Class 3: Something that is; a biometric feature such as a fingerprint or an iris scan.

The three classes are also jokingly referred to as "something you forget," "something you lose," and "something you cease to be."

In general, it is considered more secure to combine several classes of shibboleth than to require only a class 1 shibboleth, which is the common approach today. For example, a high-security system might require an authorized user to log in by entering a password, providing an encoded card, and passing a biometric test.
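
The following is an added example, not part of the original article, of a login check that requires one verified shibboleth from each class. The enrollment record, card key, 16-bit "iris" template and error tolerance are constructed stand-ins, and all function names are hypothetical.

```python
import hashlib, hmac, secrets

# Constructed enrollment record for one hypothetical user (sample data only).
SALT = bytes(16)
CARD_KEY = b"constructed-card-key-for-example"
ENROLLED = {
    "pw_hash": hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000),
    "card_key": CARD_KEY,
    "iris": 0b1011001110001111,  # 16-bit stand-in for a biometric template
}
MAX_BIT_ERRORS = 2  # biometric readings are noisy, so match within a tolerance

def check_known(password: bytes) -> bool:
    """Class 1, something known: compare salted hashes in constant time."""
    cand = hashlib.pbkdf2_hmac("sha256", password, SALT, 100_000)
    return hmac.compare_digest(cand, ENROLLED["pw_hash"])

def new_challenge() -> bytes:
    """Fresh random challenge so a recorded card response cannot be replayed."""
    return secrets.token_bytes(16)

def card_respond(challenge: bytes) -> bytes:
    """Simulates the card side: it holds the key and MACs the challenge."""
    return hmac.new(CARD_KEY, challenge, hashlib.sha256).digest()

def check_held(challenge: bytes, response: bytes) -> bool:
    """Class 2, something held: verify the card's MAC over the challenge."""
    want = hmac.new(ENROLLED["card_key"], challenge, hashlib.sha256).digest()
    return hmac.compare_digest(want, response)

def check_is(reading: int) -> bool:
    """Class 3, something that is: accept a small Hamming distance to the template."""
    return bin(reading ^ ENROLLED["iris"]).count("1") <= MAX_BIT_ERRORS

def authenticate(required: set, password=None, card=None, iris=None) -> bool:
    """Grant access only if every required class was presented and verified."""
    passed = set()
    if password is not None and check_known(password):
        passed.add(1)
    if card is not None and check_held(*card):
        passed.add(2)
    if iris is not None and check_is(iris):
        passed.add(3)
    return required <= passed  # a missing or failed class blocks access
```

Because the policy is a set of required classes, a second class 1 item such as a security question would not satisfy a requirement for class 2 or class 3.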
