Two-factor authentication options

From tokens to biometrics, there are many solutions to beef up user authentication. Value-added resellers (VARs) and systems integrators are in a position to help their customers carefully evaluate the choices. This article, reposted courtesy of Information Security magazine,

    Requires Free Membership to View

introduces the technologies that can be used to create a two-factor authentication system.

Two-Factor Authentication Crash Course
Visit our Two-Factor Authentication Crash Course designed specifically for VARs and systems integrators to learn more about the FFIEC's mandate and the limitations of two-factor authentication.

Christopher Paidhrin had no difficulty selling an enterprise single sign-on and fingerprint authentication solution to upper management at Southwest Washington Medical Center. Quite simply, it took out the hassle factor of HIPAA compliance.

"By implementing this solution we addressed eight principal requirements and 15 secondary requirements," says Paidhrin, senior security officer for ACS Healthcare Solutions, the IT outsourcing partner to the the hospital.

Regulatory requirements, like HIPAA and new regulations such as Federal Financial Institutions Examination Council (FFIEC) rules, are forcing organizations to scramble for authentication and identity management options. Meanwhile, the Homeland Security Presidential Directive 12 (HSPD 12) mandates that federal1 agencies must have a single ID card for physical and IT access by Oct. 27.

Because of these new and existing regulations, Information Security magazine and SearchSecurity.com readers rank strengthening authentication as their top ID and access management priority for this year.

In general, organizations should consider which regulations impact them and conduct a risk analysis of their systems. From there, they can decide the most appropriate way to apply strong authentication so that they're protecting systems with sensitive data and meeting regulatory requirements without going overboard.

Tokens, smart cards, biometrics and certificates all offer stronger ways of identifying users, customers and partners. Each has its strengths and weaknesses, and costs can be anywhere from $1 to $35 per user. As a result, companies must weigh their costs with the benefits and understand that each solution doesn't necessarily provide sure-fire security.

Learn more about each of these authentication options by clicking on the links below.

Two-factor authentication options

  Smart cards
  Safe mode: Danger zone



About the author
Tom Bowers is the Security Director of Net4NZIX, an independent think tank and industry analyst group, as well as a technical editor for
Information Security magazine. Bowers, who holds the CISSP, PMP and Certified Ethical Hacker certifications, is a well known expert on the topics of data leakage prevention, global enterprise information security architecture and ethical hacking. He is also the president of the Philadelphia chapter of Infragard, the second largest chapter in the country with more than 600 members.

This was first published in November 2006

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.