News Stay informed about the latest enterprise technology news and product updates.

Two-factor authentication's time has arrived

Companies seem to be clamoring for stronger forms of authentication in the consumer market after years of password-only problems.

Once upon a time, companies couldn't give away two-factor authentication services. Now, some are positioning themselves to make big money from it, signaling the possible demise of passwords as we know them.

Some recent examples:

  • America Online's Passcode service, in which users get a small handheld six-digit numeric code key. To log onto an AOL account equipped with the service, they'll have to type in the six-digits, which refresh on the device every 60 seconds, on top of using the regular password.

  • RSA making its SecurID product available for Microsoft Windows users, saying it'll help "ensure that valuable network resources are accessible only by authorized users" while "simultaneously delivering a simplified and consistent user login experience."

  • VeriSign's Unified Authentication managed service, in which enterprises deploy Universal Serial Bus (USB) tokens to all their users and VeriSign manages the infrastructure.

  • IBM's new ThinkPad, which includes a fingerprint reader that signs users into all their passwords.

    Why do companies seem to be clamoring for something they couldn't be bothered with a couple years ago? One reason: the problematic passwords people need to navigate their networks, said Jonathan Penn, an analyst for Cambridge, Mass.-based Forrester Research.

    "Windows 2000 finally gave administrators the ability to enforce strict passwords with a certain number of letters," Penn said. "That created a backlash where people would have trouble remembering their passwords, so they'd write it on a piece of paper and stick it in their desks. Then someone could come along and find it." Two-factor authentication does away with these passwords, he said.

    Compliance is another reason, he added. "On the enterprise side, interest in two-factor authentication is all about compliance, data protection and integrity of operations," he said. "Enterprises are looking for a greater sense of accountability. There's greater pressure to ensure people are who they say they are."

Dig Deeper on Two-factor and multifactor authentication strategies

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.