Multi-factor authentication is all about combining multiple data sources to validate identity. In classic two-factor authentication, the phrase “something you have and something you know” is often used to describe the factors. “Something you have” might be a hardware token, or a code generated by an authenticator app. “Something you know” is a passphrase.
Similarly, we could combine the two passphrase techniques shown in this chapter, where the actual passphrase given to SQLCipher for Android combines:
- A user-supplied passphrase, and
- A generated passphrase that is effectively tied to the user’s ability to authenticate against their device
Or, we could combine a user-supplied passphrase and an externally-generated token, such as via NFC-capable hardware tokens.
Or, we could combine all three: a user-supplied passphrase, a generated on-device passphrase, and a hardware token.
Or, we could come up with yet other sources of passphrase material and offer them as options.
In the end, SQLCipher for Android does not know or care how you get the passphrase or how it got assembled from individual pieces. That is up to you, as you try to strike the balance between security and usability.
This book is licensed under the Creative Commons Attribution-ShareAlike 4.0 International license.