Feature

User authentication options: Using two factor authentication for security

Ezine

This article can also be found in the Premium Editorial Download "Information Security magazine: Special manager's guide: Monitoring identities."

Download it now to read this article plus other related content.

Safe Mode: Danger Zone
While strong authentication seems failsafe, nearly all of these systems may be bypassed entirely or critically hindered by using a computer's "safe mode."

If an attacker can gain access to the desktop and run a disk editor of any type, he can search for user names and passwords that are commonly left by the authentication software in the paging or temp files of Microsoft Windows. Once he has the user name and password, he can log in as the user with whatever multifactor authentication system is deployed. Unfortunately, users often store their tokens or other authentication devices with their computer, making it easy for an intruder to gain access.

Additionally, the vendor-supplied software of a strong authentication solution must work seamlessly with your network client software. This is easy using Microsoft, but it has the greatest page file leaks. Novell, Sun Microsystems and others are not supported as well by security vendors, but tend to be more secure because they use different network authentication mechanisms.

Using two factor authentication: The time is now
Without a doubt, strong authentication can be expensive, depending on the chosen technology. But losing 20 percent or more of your share value due to a loss of consumer confidence when an executive's laptop is stolen and thousands of private data records are exposed is even more costly -- so using two factor authentication is a

    Requires Free Membership to View

suggested security practice.

Authentication technology has improved greatly over the past two years and will continue to do so. The associated software continues to be a source of failure, though it is also improving. The total cost of ownership due to administrative costs is still too high, but is dropping.

The regulations are in place, and it is time to provide our businesses and clients with a stronger sense of security via better authentication.

This was first published in August 2006

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: