What are the criteria for a strong authentication system?

In this Q&A, identity management and access control expert Joel Dubin examines what components are necessary to create any secure authentication system.

What are the components of a strong authentication system?
A "strong" authentication system can be defined in many ways, but the real answer to a solid authentication program lies in risk assessment. Before choosing any authentication system or its components, take a hard look at what you're trying to protect and the level of protection it demands.

Risk assessment is a vast topic and has been the subject of entire books. But the basic parts of a risk assessment include the following questions:

  • What type of data are you protecting? Is it sensitive customer information that, if stolen, could open your customers to identity theft? Is it confidential company plans? Or is it just promotional information freely available to the public in company brochures?
  • What types of systems are you trying to protect? Are they network resources that, if maliciously accessed, could shut down or cause financial damage to your company? Or are they smaller, isolated systems used for testing?
  • Who are your users? Are they strictly employees, or are they thousands of customers?
  • Does your company have a Web site? Is it used for transferring money, or just brochureware?

Once you've assessed the risk, you can then decide how strong your authentication tools need to be.

The bare minimum components of any access management system should include a user ID and password. Beyond that, the best approach is to enhance your security with additional layers of protection.

Additional layers of protection could include any of the following:

Again, there is no cut-and-dried formula. You can use one of the above devices or a combination of them. Pick and choose based on a thorough risk analysis of your systems and users.


This was first published in December 2006.
