Problem solve Get help with specific problems with your technologies, process and projects.

Two-factor authentication and certificates

An introduction to certificates including how they work, their pros and cons, and expert advice on if and when to deploy them.

How they work

Certificates are typically used in conjunction with USB tokens or smart cards but can be implemented separately. A certificate is assigned to a user, a token or a particular machine and is read during the authentication process. Certificates are much more secure than they were a few years ago due to better encryption and more robust certificate stores.

Pros and cons

Certificates tend to be a stronger style of authentication, but come at a much higher cost. The infrastructure typically required in an enterprise (servers, hierarchical certificate server domain deployment and personnel) is pricey to set up and maintain. Third-party vendor-managed services help, but this authentication is still more expensive than most others reviewed here.

What to do

Organizations with extremely high security requirements, such as government agencies handling classified information, will want to consider certificates. Today, there are discrete pockets of certificate implementations, but with the increasing deployment of USB tokens and TPM chips, this sector is expected to grow over the next decade to become nearly ubiquitous.

Two-factor authentication options

  Smart cards
  Safe mode: Danger zone

Tom Bowers

About the author
Tom Bowers is the Security Director of Net4NZIX, an independent think tank and industry analyst group, as well as a technical editor for
Information Security magazine. Bowers, who holds the CISSP, PMP and Certified Ethical Hacker certifications, is a well known expert on the topics of data leakage prevention, global enterprise information security architecture and ethical hacking. He is also the president of the Philadelphia chapter of Infragard, the second largest chapter in the country with more than 600 members.

This article originally appeared in Information Security magazine.

Dig Deeper on Identity and access management (IAM) security services

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.