Thursday, 1 November 2007

Two-factor authentication Newbie Cheat Sheet

Two-factor authentication? What's that?
During the past month I have had a number of meetings to discuss security, and a number of times senior management have asked what two-factor authentication is.

Well, that's a question more and more people are asking at the moment as they hear about their bank adopting this new way of authenticating who you are. So here is a cheat sheet for everyone who is still unsure.

But I know who I am...
I am very pleased to hear it. And how do you prove who you are when accessing your bank or another secure environment such as your computer on the office network?

Well I use my password.
Which is?

Exactly. The problem here is that people aren't the best at choosing or protecting their passwords. Too often they go for easily guessable names or words, or something so complicated they end up having to write it down. Instead, companies are now looking at solutions such as two-factor authentication, which typically involves single-use multi-digit numerical codes to complement the existing security as well as the username or PIN.

Sounds even more complicated...
This is where technology comes in. Many companies developing solutions in this space are providing secure tokens – little gizmos, if you like, no bigger than a key-fob – which generate the random numbers for you. They're good for around as long as it takes to log in, and then they're done-and-dusted.

What are the benefits?
Single-use random numbers are far more secure than traditional static passwords (which admittedly aren't hard to beat or hack). They work by creating a reliance upon something the user knows, such as their username, and something they have, in this case the 6 or 8 digit number – which is far more reliable than a password written on a Post-it note.


Copyright 2009 Jason Hart.