Out-Of-Band Authentication (OOBA)
Out-Of-Band Authentication is a type of Multi-Factor Authentication involving more than one channel for communication of verification factors, that are not linked to the original communication channel used to access a website, network, or cloud service. This method guards against intruders that may have access to the original communication channel used for logins and transactions.
Out-Of-Band, Multi-Factor Authentication: Second Factors
OTP, PKI, and biometric identification can be implemented as additional factors in Out-Of-Band, Multi-Factor Authentication. The first factor is the password (what you know). The second factor can be an OTP password generated by a smartphone (what you have), PKI credentials stored in a smartcard / USB Token (what you have), or a biometric identifier (who you are).
If a pin number or password is forgotten or stolen, it can be changed but biometric identification cannot. A BIOMETRIC IS NOT A SECRET (In authentication, a 'secret' can be a password, a large number, or an array of randomly chosen bytes, known only to the parties involved,). Therefore, depending on the biometric type and the level of risk for which the authentication is to be used for, multi-factor authentication with more that two factors is better. Biometrics combined with OTP and PKI digital certificates results in much stronger authentication.
One of the most common types of Out-Of-Band Authentication involves OTP passwords used in online banking transactions. Typically, a customer wishing to do an online transaction will be sent a message by cell phone with a password. This way, intruders that may have access through the original channel, will not be able to access the password sent by cell phone, because it is sent through a different communication channel. This type of authentication can be extremely effective as long as intruders have not somehow gained access to the user’s cell phone system as well.
Problem & Solution
ProtectID Whitepaper: "Out-of-Band" Multi-Factor Authentication Cloud Services