When identifying, you are not always identifying that the individual is a particular person, you are identifying if the person is of a particular group.
|because knowledge can be shared
|because something can be copied (a key for instance)
To mitigate and identify the person further, you may implement - Multi-Factor Authentication (Mfa / 2fa)
- Knowing the secret handshake authenticates you as a member of the secret society.
- Having a copy of a house key authenticates you as one of a group that has access to a given house.
- I might give you enough information for you to call my bank and withdraw money from my account. When you do this, the bank thinks it is authenticating the account owner, when it is really just making sure that the person on the other end of the phone knows enough information about the account and account owner to be an authorized user of the account.