With an increasingly dispersed work force attempting to access business critical applications from a central site and the security of these actions based on an often all-too simple password, it's no wonder that some administrators feel nervous about network security. Fortunately, if you are looking for added security for remote users accessing your network, there are technologies that can help.
Two-factor authentication remains one of the most secure ways to extend access to remote employees. Simply put, the two factors are something the user knows -- a password -- and either something they have -- a token, a mobile phone or even their own PC -- or something they are -- biometrics. Deciding to invest in this technology has a lot to do with how secure you need your network to be and whether remote employees understand this and consent to a retinal scan every time they log on. Of course, the use of two-factor authentication doesn't need to be that extreme or that expensive.
Before the technology caught up with the concept, the major stumbling block of two-factor authentication was the need for extra hardware. If every remote user needs a card reader the cost and inconvenience of two-factor authentication begins to outweigh the benefits.
So now the main competition between two-factor authentication vendors, is how to make the second factor as convenient and inexpensive as possible. The main goal is to eliminate the need for extraneous hardware. A USB-compatible key, for instance, can contain a control device that performs hashing functions, a storage area to store encrypted passwords and can plug into pretty much any piece of hardware. Similar technology is employed in smart cards, but the control device in the key eliminates the need for a card reader.
Other companies are utilizing mobile phones as the second factor of authentication. A user connects to a server with their mobile phone using a username and password, then through text messaging they are delivered a one-time-use access code to access a network. The access code is only viable for short time. Read more about this technology in this ITWorld article.
Another second-factor authentication method involves the use of software installed on a laptop or other mobile computing device that combines with a password to grant access. The computing device itself becomes the token.
There is, of course, much more to the technology that goes into these products, but one of the selling points of most is that they can be integrated seamlessly with existing security systems and are simple to administer. Most can be used in conjunction with VPNs, RAS and support 1024-bit PKI.
Below is a sampling of some of the two-factor authentication vendors grouped by the methods discussed above:
Tokens:
IKey from Rainbow
ASAS from Authenex
ActivCard
eToken from Aladdin
PC as token:
FirstAuthority DeviceConnect from Phoenix Technologies
Mobile phones:
SecureID from RSA
EntAuth
About the author
Benjamin Vigil is a technical editor with SearchSecurity.com.
