Two Factor Authentication


An authentication factor is a piece of information and process used to authenticate or verify a person's identity for security purposes. Two-factor authentication is a system wherein two different methods are used to authenticate. Using two factors as opposed to one delivers a higher level of authentication assurance.

Summary

To understand two-factor authentication, it is important to understand the three universally recognized factors by which people authenticate themselves to digital systems: 'something you know' (such as a password), 'something you have' (such as a physical device), and 'something you are' (a biometric such as a fingerprint).

A system is said to leverage Two-factor authentication (T-FA) (or multi factor authentication) when it requires at least two of the authentication form factors mentioned above. This contrasts with traditional password authentication, which requires only one authentication factor (such as knowledge of a password) in order to gain access to a system.

Common implementations of two-factor authentication use 'something you know' (a password) as one of the two factors, and use either 'something you have' (a physical device) or 'something you are' (a biometric such as a fingerprint) as the other factor. A common example of T-FA is a bank card (credit card, debit card); the card itself is the physical "something you have" item, and the personal identification number (PIN) is the "something you know" password that goes with it. See Chip and PIN for more information on this.

Using more than one factor is also called strong authentication; using just one factor, for example just a static password, is considered by some to be weak authentication. (Strong authentication also includes multi-factor methods that do not include a physical factor, such as a card or dongle. The multiple factors can both be online for strong authentication.)

It should be remembered, however, that strong authentication and multi-factor authentication are fundamentally different processes. Soliciting multiple answers to challenge questions may be considered strong authentication but, unless the process also retrieves 'something you have' or 'something you are', it would not be considered multi-factor. The FFIEC issued supplemental guidance on this subject in August 2006, in which it clarified, "By definition true multifactor authentication requires the use of solutions from two or more of the three categories of factors. Using multiple solutions from the same category ... would not constitute multifactor authentication."

According to proponents, T-FA could drastically reduce the incidence of online identity theft and other online fraud, because the victim's password would no longer be enough to give a thief access to their information. However, T-FA is still vulnerable to Trojan horse and man-in-the-middle attacks; see "The Failure of Two-Factor Authentication" (Bruce Schneier, March 2005).

Deployment of T-FA tools such as smart cards and USB security tokens appears to be increasing. More organizations are adding a layer of security to the desktop that requires users to physically possess a token and to know a PIN or password in order to access company data. However, there are still some drawbacks to two-factor authentication that are keeping the technology from widespread deployment. Some consumers have difficulty keeping track of one more object in their life. Also, many two-factor authentication solutions are proprietary and protected by patents. The result is a substantial annual fee per person protected and a lack of interoperability.

Tokens

The most common forms of the 'something you have' are smart cards and USB tokens. Differences between the smart card and USB token are diminishing; both technologies include a microcontroller, an operating system, a security application, and a secured storage area.

Biometrics

In both cases, vendors are beginning to add biometric readers on the devices, thereby providing multi-factor authentication. Users biometrically authenticate via their fingerprint to the smart card or security token and then enter a personal identification number or password in order to open the credential vault. However, while this type of authentication is suitable in limited applications, this solution may become unacceptably slow and comparatively expensive when a large number of users are involved. In addition, it is extremely vulnerable to a replay attack: once the biometric information is compromised, it may easily be replayed unless the reader is completely secure and guarded. Also, biometric information cannot be changed.

Phones

A new category of T-FA tools transforms the PC user's mobile phone into a security token device using text messaging or an interactive telephone call. Since the user now communicates over two channels, the mobile phone becomes a two-factor, two-channel authentication mechanism.

Some methods simply place a traditional telephone call to the end user's phone, prompting the user to press a key or sequence of keys. These solutions can be used with any telephone, not just mobile devices.

While such a method can simplify deployment, reduce logistical costs and remove the need for separate hardware security token devices, there are trade-offs. Users may incur fees for text/data services or cellular calling minutes.

Smart cards

Smart cards are about the same size as a credit card. Some vendors offer smart cards that perform both the function of a proximity card and network authentication. Users can authenticate into the building via proximity detection and then insert the card into their PC to produce network login credentials. They can also serve as ID badges. The downside is that the smart card is a bigger device, and the card reader is an extra expense.

Universal Serial Bus

A USB security token has a different form factor; it can't fit in a wallet, but can easily be attached to a key ring. A USB port is standard equipment on today's computers, and USB security tokens generally have a much larger storage capacity for login credentials than smart cards.

Virtual Tokens

Virtual tokens are a new concept in multi-factor authentication first introduced in 2005 by security company Sestus Data. Virtual tokens work by sharing the token generation process between the internet website and the user's computer and have the advantage of not requiring the distribution of additional hardware or software. Virtual tokens are also immune to trojans and man-in-the-middle type fraud. Virtual tokens are patented and are marketed under the name PhishCops.

Other types

Some manufacturers also offer a one-time password (OTP) security token. These have a liquid crystal display (LCD) screen which displays a pseudo-random number consisting of 6 or more alphanumeric characters (sometimes numbers, sometimes combinations of letters and numbers, depending upon vendor and model). This pseudo-random number changes at pre-determined intervals, usually every 60 seconds, but it can also change at other time intervals or after a user event, such as the user pushing a button on the token. Tokens that change after a pre-determined time are called time-based, and tokens that require a user event are referred to as sequence-based (since the interval value is the current sequence number of the user events, i.e. 1, 2, 3, 4, etc.). When this pseudo-random number is combined with a personal identification number or password, the resulting passcode is considered two factors of authentication (something you know with the PIN/password, and something you have from the OTP token). There are also hybrid tokens that provide a combination of the capabilities of smart cards, USB tokens, and OTP tokens.
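The sequence-based and time-based schemes described above, sketched as an added example (not code from the original page or from any token vendor) using the open HOTP (RFC 4226) and TOTP (RFC 6238) algorithms as a stand-in for the proprietary ones. The function names, the 60-second step, the look-ahead and drift windows, and the PBKDF2 parameters for the stored PIN are assumptions.

```python
import hashlib, hmac, struct

SECRET = b"12345678901234567890"  # published RFC 4226 test key, not a real token seed

def hotp(secret, counter, digits=6):
    """Sequence-based code: HMAC-SHA1 over the 8-byte event counter (RFC 4226)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation picks 4 bytes of the MAC
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret, unix_time, step=60, digits=6):
    """Time-based code: the counter is the number of elapsed intervals (RFC 6238)."""
    return hotp(secret, unix_time // step, digits)

def _match(secret, counters, submitted):
    """Return the first counter whose code equals the submitted one, else None."""
    for c in counters:
        if hmac.compare_digest(hotp(secret, c).encode(), submitted.encode()):
            return c
    return None

def verify_sequence(secret, submitted, last_counter, look_ahead=3):
    """Accept only counters after the last one used, so a captured code cannot be replayed."""
    return _match(secret, range(last_counter + 1, last_counter + 1 + look_ahead), submitted)

def verify_time(secret, submitted, unix_time, last_interval, step=60, drift=1):
    """Allow +/- drift intervals of clock skew, but never an interval already used."""
    now = unix_time // step
    window = range(max(now - drift, last_interval + 1, 0), now + drift + 1)
    return _match(secret, window, submitted)

def hash_pin(pin, salt):
    """Store the PIN only as a salted, slow hash (assumed parameters)."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

def verify_passcode(passcode, pin_hash, salt, secret, last_counter, digits=6):
    """Passcode = PIN followed by the token code; both factors must verify."""
    pin, code = passcode[:-digits], passcode[-digits:]
    pin_ok = hmac.compare_digest(hash_pin(pin, salt), pin_hash)
    counter = verify_sequence(secret, code, last_counter)
    return counter if pin_ok and counter is not None else None
```

Each verifier returns the counter that matched; the server has to persist it as the new `last_counter` or `last_interval`, otherwise the replay check does nothing.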

Market Acceptance

Despite the security advantages of strong authentication, its adoption is not yet widespread. A 2007 study by Celent reports that the year 2006 was dismal in terms of getting multifactor authentication (MFA) solutions out the door. Only 50% of banks were up and running for retail online banking, 40% for small business, and 60% for corporate banking. In 2007, 90% of banks are expected to be up and running for retail and small business online banking and 95% live for corporate banking, with nearly all banks deploying solutions by year end 2008, according to estimates released by research and consulting firm Celent on 23 July 2007.

There are several factors that contribute to this lack of pervasiveness.

Product proliferation

The first challenge to face is the difficulty of deploying the client PC software required to make these systems work. Most vendors have created separate installation packages for computer network login, WWW access credentials and VPN connection credentials. In other words, there may be four or five different software packages to push down to the client PC in order to make use of the security token or smart card. This translates to four or five packages on which version control has to be performed, and four or five packages to check for conflicts with business applications. If access can be operated using web pages, it is possible to limit the overheads outlined above to a single application.

User password management

Users have natural problems retaining a single authentication factor like a password. It is not uncommon for users to be expected to remember dozens of unique passwords. T-FA where one factor is a password or personal identification number code does not eliminate this problem. One possible solution is to have the second factor be a biometric, instead of an entity that the user needs to memorize.

Interoperability of authentication mechanisms

Two-factor authentication is not standardized. There are various implementations of it. Therefore, interoperability is an issue.

Cost effectiveness

Adding a second factor in the authentication mechanism could lead to an increase in costs for implementation and maintenance. Most systems are proprietary and charge an annual fee per user in the $50-100 USD range. Deployment of security tokens is logistically challenging. Hardware security tokens may get damaged or lost, and issuance of security tokens in large industries such as banking or even within large enterprises needs to be managed. Therefore, an analysis of the cost and benefit should be made before deciding on a stronger authentication mechanism. Note: Virtual tokens typically cost considerably less ($0.50 to $1.50 USD) and have no loss or damage costs.

Password security

Another concern is the security of the T-FA tools and their systems. Several products store passwords in plain text for either the security token or smart card software or its associated management server. In either case this largely negates one factor of the authentication: an intruder could easily find the password/personal identification number used to authenticate to the device, although they would still need to be in possession of the relevant security token or smart card for this type of attack to work.

There is a further argument that there is nothing to stop a user (or intruder) from manually providing logon credentials that are stored on a security token or smart card. For example, to show all passwords stored in Internet Explorer, all an intruder has to do is to boot the Microsoft Windows operating system into safe mode (with network support) and to scan the hard drive (using certain freely available utilities). However, making it necessary for the physical security token to be in place at all times during a session can negate this.

Software security

Another concern when deploying smart cards, USB security tokens, or other T-FA systems is the security of the software loaded on to users' computers. A security token may store a user's credentials securely, but the potential for breaking the system is then shifted to the software interface between the hardware token and the operating system, potentially rendering the added security of the T-FA system useless.

Market segments

Market segments in regards to two-factor authentication are:

Related technologies

Two-factor authentication solutions sometimes include technologies to generate one-time passwords; a few solutions also include single sign-on (SSO) technology.

Copyright © 2008 opini8.com - All rights reserved.
All Trademarks belong to their respective owners.
Many aspects of this page are used under
commercial commons license from Yahoo!