Page 1 of 3
For years, the core of IT security has rested on a single pedestal: the password. For almost as long, security experts have recognized that passwords alone are extremely vulnerable. This opened the door for strong authentication, which requires that passwords be reinforced with a second authenticating factor, whether it be a hardware token, a fingerprint, or something else.
When you boil it down to basics, there are three ways to authenticate someone: something they know, something they have, or something they are. "Something they know"—also known as a password—will almost always be the first of the factors in a two-factor authentication solution. Most strong authentication business solutions rely on "things they have"—hardware tokens or software PKI certificates offered by vendors like RSA, VeriSign, Aladdin and CRYPTOcard. "Things they are," biometric solutions, include fingerprint, voice, face and iris recognition. Collectively, biometric technologies represent a small but growing percentage of strong authentication deployments; significant vendors include Bioscrypt, BioPassword, DigitalPersona, L-1 Identity Solutions, LG Electronics and NEC.
When PC maker Lenovo last year introduced built-in fingerprint scanners in ThinkPads, it brought into the mainstream a strong authentication option that once seemed unobtainable for most businesses. While still not the type of technology that's being embraced throughout the market, two-factor authentication is gathering steam, and finding its way into the conversation between solution providers and their customers.
"It is a growing area, particularly in health care and especially when a system has to be in a completely secure environment," said Sami Siddiqi, CEO of Zezan Data Center, a Naperville, Ill.-based solution provider. Siddiqi said he is delivering two-factor authentication solutions particularly to small and midsize customers in all aspects of their IT that reach well beyond the laptop. Siddiqi said a number of his clients are opting for this now because it's much more affordable than in the past, and compliance is more stringent.