Tip

Two-factor authentication grows up

With an increasingly dispersed work force attempting to access business critical applications from a central site and the security of these actions based on an often all-too simple password, it's no wonder that some administrators feel nervous about network security. Fortunately, if you are looking for added security for remote users accessing your network, there are technologies that can help.

Two-factor authentication remains one of the most secure ways to extend access to remote employees. Simply put, the two factors are something the user knows -- a password -- and either something they have -- a token, a mobile phone or even their own PC -- or something they are -- biometrics. Deciding to invest in this technology has a lot to do with how secure you need your network to be and whether remote employees understand this and consent to a retinal scan every time they log on. Of course, the use of two-factor authentication doesn't need to be that extreme or that expensive.

Before the technology caught up with the concept, the major stumbling block of two-factor authentication was the need for extra hardware. If every remote user needs a card reader the cost and inconvenience of two-factor authentication begins to outweigh the benefits.

So now the main competition between two-factor authentication vendors, is how to make the second factor as convenient and inexpensive as possible. The main goal is to eliminate the need for extraneous hardware. A USB-compatible

    Requires Free Membership to View

key, for instance, can contain a control device that performs hashing functions, a storage area to store encrypted passwords and can plug into pretty much any piece of hardware. Similar technology is employed in smart cards, but the control device in the key eliminates the need for a card reader.

Other companies are utilizing mobile phones as the second factor of authentication. A user connects to a server with their mobile phone using a username and password, then through text messaging they are delivered a one-time-use access code to access a network. The access code is only viable for short time. Read more about this technology in this ITWorld article.

Another second-factor authentication method involves the use of software installed on a laptop or other mobile computing device that combines with a password to grant access. The computing device itself becomes the token.

There is, of course, much more to the technology that goes into these products, but one of the selling points of most is that they can be integrated seamlessly with existing security systems and are simple to administer. Most can be used in conjunction with VPNs, RAS and support 1024-bit PKI.

Below is a sampling of some of the two-factor authentication vendors grouped by the methods discussed above:

Tokens:
IKey from Rainbow
ASAS from Authenex
ActivCard
eToken from Aladdin

PC as token:
FirstAuthority DeviceConnect from Phoenix Technologies

Mobile phones:
SecureID from RSA
EntAuth


About the author
Benjamin Vigil is a technical editor with SearchSecurity.com.


This was first published in November 2002

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.