What are the advantages and disadvantages of the three types of authentication credentials (something you know, something you have, and something you are)?

+ Universal - no special hardware required

+ Revocable – can cancel and create new credential if compromised

+ Hard to verify who is presenting the credential

+ May not notice compromise immediately

+ Revocable – can cancel and reissue new credential if compromised

+ Quickly notice if lost or stolen

+ Hard to verify who is presenting the credential

+ Hard to copy/mimic

+ Cannot be lost, forgotten, or stolen

+ Requires special hardware, so not universally applicable

+ User resistance. Some people may object to use of fingerprints; some culture groups may refuse face recognition, etc.

+ May create threat to privacy. For example, retina scans may reveal health conditions.

+ False rejection due to change in biometric characteristic (e.g., voice recognition may fail if have a cold).

+ Not revocable. If the biometric template is compromised, it cannot be re-issued (e.g., you cannot assign someone a new fingerprint).