Thursday, August 14, 2008
Identify ME!! Securing Your Future with Two- Three Factor Authentication
What is Authentication?
Authentication (from Greek αυθεντικός; real or genuine, from authentes; author) is the act of establishing or confirming something (or someone) as authentic, that is, that claims made by or about the thing are true. This might involve confirming the identity of a person or assuring that a computer program is a trusted one.
What is an Authentication Factor?
An authentication factor is a piece of information and process used to authenticate or verify a person's identity for security purposes.
What is Transactional Authentication?
Transaction authentication generally refers to the Internet-based security method of securely identifying a user through two or three factor authentication at a transaction level, rather than at the traditional Session or Logon level.
Types of Factor Authentications:
1. Two Factor Authentication: Two-factor authentication is a security process in which the user provides two means of identification, one of which is typically a physical token, such as a card, and the other of which is typically something memorized, such as a security code. In this context, the two factors involved are sometimes spoken of as something you have and something you know. A common example of two-factor authentication is a bank card: the card itself is the physical item and the personal identification number (PIN) is the data that goes with it.
2. Three Factor Authentication: is a security process in which
the user has to provide the following three means of identification:
• Something the user has (e.g., ID card, security token, software token)
• Something the user knows (e.g., a password, pass phrase, or personal identification number (PIN))
• Something the user is or does (e.g., fingerprint or retinal pattern, DNA sequence, signature or voice recognition, unique bio-electric signals, or any other biometric identifier)
A few examples of the factors that could be used as SOMETHING THE USER HAS:
Tokens: The most common forms of the 'something you have' are smart cards and USB tokens. Differences between the smart card and USB token are diminishing; both technologies include a microcontroller, an OS, a security application, and a secured storage area.
Biometrics: Vendors are beginning to add biometric readers on the devices, thereby providing multi-factor authentication. Users biometrically authenticate via their fingerprint to the smart card or token and then enter a PIN or password in order to open the credential vault.
Phones: A new category of T-FA tools transforms the PC user's mobile phone into a token device using SMS messaging or an interactive telephone call. Since the user now communicates over two channels, the mobile phone becomes a two-factor, two-channel authentication mechanism.
Smart cards are about the same size as a credit card and perform both the function of a proximity card and network authentication. Users can authenticate into the building via proximity detection and then insert the card into their PC to produce network logon credentials. They can also serve as ID badges.
Universal Serial Bus
A USB token has different form factor; it can't fit in a wallet, but can easily be attached to a key ring. A USB port is standard equipment on today's computers, and USB tokens generally have a much larger storage capacity for logon credentials than smart cards.
OTP Token: Some manufacturers also offer a One Time Password (OTP) token. These have an LCD screen which displays a pseudo-random number consisting of 6 or more alphanumeric characters (sometimes numbers, sometimes combinations of letters and numbers, depending upon vendor and model). This pseudo-random number changes at pre-determined intervals, usually every 60 seconds, but they can also change at other time intervals or after a user event, such as the user pushing a button on the token. Tokens that change after a pre-determined time are called time-based, and tokens that require a user event are referred to as sequence-based (since the interval value is the current sequence number of the user events, i.e. 1, 2, 3, 4, etc.). When this pseudo-random number is combined with a PIN or password, the resulting pass code is considered two factors of authentication (something you know with the PIN/password, and something you have from the OTP token). There are also hybrid-tokens that provide a combination of the capabilities of smartcards, USB tokens, and OTP tokens.
Advantages Of using 2/3 Factor Authentication:
1. Drastically reduce the incidence of online Identity Thefts, phishing expeditions and other online frauds.
2. Ensures that you have a very strong authentication method in place.
3. Increases the confidence and trust levels of the users interacting with your network.
4. Adheres to the compliance rules of various standards especially if you are in the financial domain.
5. Ensures that you have sufficient levels of security to thwart any attacks on your network.
6. It allows you to provide secure remote access to your network.
Image Source: www.koshatech.com/images/solutions_img.jpg