
ActivCard Gold Desktop

ActivPack AAA Server

Digipass

ECHOsystem

Entrust USB Token

iKey 1000

iKey 2000

KeyCrypt

Novell Netware 6.5

Passholder Pro

RSA ACE/Server

SecuriKey Authentication System Professional Version

SecuriKey Personal Edition

U.are.U Pro for Active Directory


Entrust USB Token earns Best Buy, due to its well considered approach, standards compliance and overall ease of deployment – all at a reasonable cost and supported by a major supplier. We recommend the Digital Persona U.are.U Pro for Active Directory as a mature product that offers high levels of security featuring biometric identity verification that can be smoothly integrated into a typical business environment.

Two-factor authentication (2004)

You might think that two is more complicated than one, but that is not always the case. Julian Ashbourne shows that it depends on what you want.

To some, two-factor authentication is standard operational fare. For others, it feels like an optional high-tech security approach.

After all, they have survived so far by using passwords, so why complicate things at a time when many are striving to simplify their IT operations and lower costs? So what is the business case for two-factor authentication? What prospects are there for technology suppliers and integrators concentrating in this area? To understand this more fully, we must consider the societal changes which we have recently experienced that highlight the opportunities for, and implications of, identity theft.

The value of trust has been scrutinized recently, whether between supplier and customer, employee and employer or any parties involved in a transaction. When such a transaction (including network access) is undertaken electronically, we do not have the benefit of the particular human interaction which often serves to establish identity verification and trust. This situation has been exploited in nearly every situation imaginable, from inappropriate network access to commercial fraud. It is surely pertinent to understand and consider all the options for identity verification in relation to electronic transactions.

Two-factor authentication seeks to improve relative security by adding a second parameter to the credentials used to identify an individual in relation to a transaction (you could also consider three-factor or more, depending upon the requirement).

The parameters involved could be a mixture of PIN, dynamic passwords, biometrics, certificates and tokens (such as smartcards, USB sticks and others). The technology building blocks are well established, and the consideration for many will be simplicity of implementation and operation, followed by considerations of cost, ongoing management and sustainability.

Here is a collection of representative products that provide a taste of current approaches to two-factor authentication. Even within this small sample of offerings, we can see some differences in application and scale, albeit based around similar concepts.

Any organization looking at this area should understand and document its perceived requirements and associated objectives in order to appreciate which products or suppliers will suit it best. An equally clear understanding of its current infrastructure and future architectural strategy is required. Then, reasonable judgments can be made as to the relevance of a given solution, plus the potential business case for implementation.

In many cases, the 'second' factor will take the form of a physical token and, while token technology is well established, the infrastructural requirements must be considered.

With USB tokens, this is straightforward, because most contemporary client workstations and portables are equipped with USB ports. For smartcards, we must also consider the token readers and how robust they are (physically and from a security perspective). Or, if you are considering the use of a biometric, then the biometric capture device needs to be considered.

Interestingly, several notebook computers are now supplied with integral fingerprint readers, providing some interesting user authentication possibilities. There are also keyboard peripherals which incorporate both smartcard and biometric readers. There are random number generator tokens to support the use of dynamic one-time passwords, which are non-contact, but require a different interaction with the user.

This brings us to usability, an important consideration for large numbers of users. For users, the authentication process should be simple and intuitive, as should the exception-handling process when things go wrong. The use of tokens should be intuitive and tokens should be practical.

For example, they should be easy to carry, easy to identify, robust and secure. The architectural configuration of the authentication process should also be designed with the user in mind, ensuring minimum operational delays.

Furthermore, the design of software user interfaces will affect usability. They should be logical, intuitive and well presented. Much of this lies in the domain of the technology supplier, but internal processes, training and support also have a part to play. Implementing a successful two-factor authentication program will depend on having a clear requirements definition, planning the operational process, understanding the infrastructural requirements and selecting the right product.

In this review, we have examined some representative products and found that, in general terms, they all offer potentially valuable functionality for those exploring this idea.

The underlying concepts are relatively well established, providing a foundation upon which individual solutions might be designed and built. Products are readily available and the prospective user has a good choice of both tools and supplier.

Which brings us back to where we started – identifying the need.

