For 3FA, the standard options are:
- something you know – PIN or password
- something you are – fingerprint or face scan
- something you have – a phone or dongle
For most purposes that is plenty, but what if you need an extra level of security? It could be, for example, to access a Swiss bank account. Or, I propose The Vault:
The Vault is where you store documents that you would keep in a safe at home: a birth certificate, for example.
It can also be where you keep your BFF list. By mutual agreement, and retractable at any time, two people decide that each can always access the latest contact details of the other – phone, address, email, current location – when they access the vault. A good way of keeping track of relatives, for example.
The Fourth Factor is location. You select one or more physical locations that are not your work, your home or a family member’s home. You are there when you set up the Vault, and you have to be there to access it.
It is simple and easily done via any phone, and stealing that fourth factor would take a lot more effort from the bad guys. 3FA should be highly safe, but 4FA feels safer, and is fine for things you only very occasionally access.
Note – location-based authentication has already been invented; it just doesn’t seem to be used, or imagined to be used, as above. It has basically been about being physically present at work.
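
A sketch of the location check described above, as an added example that is not part of the original post: enrolment refuses spots near home, work or family homes, and access requires the phone's whole uncertainty circle to sit inside an enrolled geofence. The `Vault` class, the radii and the coordinates are assumptions made for illustration, and the code takes the phone-reported fix at face value, which a real deployment would have to corroborate.

```python
import math
from dataclasses import dataclass, field

EARTH_RADIUS_M = 6_371_000
GEOFENCE_M = 75        # assumed radius around an enrolled spot
EXCLUSION_M = 500      # assumed buffer around home, work and family homes
MAX_ACCURACY_M = 50    # assumed limit: coarser fixes are rejected outright

# Constructed sample coordinates (lat, lon in degrees), not real user data.
HOME = (47.3769, 8.5417)
WORK = (47.3900, 8.5100)
SPOT = (47.3500, 8.5600)

def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (
        math.sin((lat2 - lat1) / 2) ** 2
        + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2
    )
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))

@dataclass
class Vault:
    excluded: list                               # home, work, family homes
    enrolled: list = field(default_factory=list)

    def enroll(self, fix, accuracy_m):
        """Enrol the spot the user is standing at during set-up."""
        if accuracy_m > MAX_ACCURACY_M:
            raise ValueError("fix too coarse to enrol")
        if any(haversine_m(fix, p) <= EXCLUSION_M for p in self.excluded):
            raise ValueError("too close to home, work or a family home")
        self.enrolled.append(fix)

    def location_factor_ok(self, fix, accuracy_m):
        """True only if the fix plus its error radius fits inside a geofence."""
        if accuracy_m > MAX_ACCURACY_M:
            return False
        return any(haversine_m(fix, p) + accuracy_m <= GEOFENCE_M
                   for p in self.enrolled)

if __name__ == "__main__":
    vault = Vault(excluded=[HOME, WORK])
    vault.enroll(SPOT, accuracy_m=10)
    print(vault.location_factor_ok((47.3502, 8.5600), 20))  # near the spot
    print(vault.location_factor_ok(HOME, 5))                # at home
```

Adding the reported accuracy to the distance means a fix that only might be inside the geofence fails, so the location factor fails closed rather than open.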