Two-Factor Authentication: When Passwords Aren't Enough
August 13, 2007 12:00 AM ET
Page 1 of 3
For years, the core of IT security has rested on a single pedestal: the password. For almost as long, security experts have recognized that passwords alone are extremely vulnerable. This opened the door for strong authentication, which requires that passwords be reinforced with a second authenticating factor, whether it be a hardware token, a fingerprint, or something else.
When you boil it down to basics, there are three ways to authenticate someone: something they know, something they have, or something they are. "Something they know"—also known as a password—will almost always be the first of the factors in a two-factor authentication solution. Most strong authentication business solutions rely on "things they have"—hardware tokens or software PKI certificates offered by vendors like RSA, VeriSign, Aladdin and CRYPTOcard. "Things they are," biometric solutions, include fingerprint, voice, face and iris recognition. Collectively, biometric technologies represent a small but growing percentage of strong authentication deployments; significant vendors include Bioscrypt, BioPassword, DigitalPersona, L-1 Identity Solutions, LG Electronics and NEC.
When PC maker Lenovo last year introduced built-in fingerprint scanners in ThinkPads, it brought into the mainstream a strong authentication option that once seemed unobtainable for most businesses. While still not the type of technology that's being embraced throughout the market, two-factor authentication is gathering steam, and finding its way into the conversation between solution providers and their customers.
"It is a growing area, particularly in health care and especially when a system has to be in a completely secure environment," said Sami Siddiqi, CEO of Zezan Data Center, a Naperville, Ill.-based solution provider. Siddiqi said he is delivering two-factor authentication solutions particularly to small and midsize customers in all aspects of their IT that reach well beyond the laptop. Siddiqi said a number of his clients are opting for this now because it's much more affordable than in the past, and compliance is more stringent.
|
Symantec's Code Red: The Law Enforcement/Anonymous E-Mail Exchange Law enforcement officials negotiated via e-mail for more than two weeks with an Anonymous group member trying to extort $50,000 from Symantec to keep stolen product code off the Internet. |
|
How To Sell IT Security Services To Your Customers Cyberattacks can cost a business thousands, even millions, of dollars, and can deal a death blow to some. Here's how IT solution providers can help guard against malicious attacks. |
|
Cybersecurity Experts: What They Know Could Scare You A recent report based on interviews with security experts in government, business and academia finds more than half in agreement that a worldwide arms race is taking place in cyberspace. |
 More
Slide Shows |
- Insider Threats: The Next Frontier for Security Resellers and SMBs
- Complete Security and Your Bottom Line: Sophos, Value and the Channel
- Tough Threats, Tougher Security: How You Can Leverage New Solutions To Combat A “Targeted Attack” Landscape
- Dark Clouds Ahead: Why the Mid-Market Needs To Ramp Up Cloud Security and How You Can Help Them Get There
