Q

The pros and cons of implementing smart cards

Most infosec pros agree that smart cards create a higher level of enterprise security than passwords alone. Learn how to weigh the pros and cons of smart cards to know if they're right for your enterprise.

What are the pros and cons of using a smart card for enterprise authentication?

In a recent question regarding password strength, it was pointed out that passwords are a weak solution that requires many processes and a lot of education in order to work as a strong authentication service. For strong authentication, most agree that smart cards (or two-factor authentication) are still a better choice.

Smart cards provide higher assurance levels for authentication since the user needs to provide both something they have (the smart card) and something they know (a PIN or password) to gain access. Smart cards also provide tamper-proof storage of user and account identity.

In addition, multifunction cards can serve as physical/network/system access and store certificates along with other data. By incorporating smart cards, username/password compromises are eliminated, and a person can't deny participation in a transaction due to the non-repudiation that smart card-based authentication provides.

Of course, smart card deployments have a number of issues as well. Physical issuance can be difficult for large populations of users. Legacy applications must be modified to accept smart cards in lieu of passwords, or infrastructure services must be used as initial entry points for the applications (e.g., Web-access management systems, portals, SSO platforms, etc.). Enterprises must develop policies for the use, protection and collection of smart cards at employee termination. Physical and logical authentication devices and servers must share services -- something a lot of facilities and IT personnel aren't comfortable with.

And what about costs? Smart cards are physical devices and must be purchased and maintained. Smart cards, along with their configuration and management systems, require capital investment, something there may not be a lot of in the current economic climate. Finally, there's the loss issue. Since physically having a smart card is required for authentication, what does an enterprise do if an employee loses or leaves his or her smart card at an unknown or public location?

Smart cards can provide a tremendous benefit when it comes to accessing sensitive information securely, but they also require an architecture that clearly understands their use and also benefits the organization.

This was first published in October 2009