At a time when identity theft is running rampant, it's crucial to have sound practices for user authentication, customer authentication and partner authentication. Are user names and passwords enough? Is two-factor authentication an effective tactic or useless in the face of emerging threats? This learning guide from SearchSecurity.com is a comprehensive resource that will help you understand today's authentication methods and challenges, and show you how to implement secure authentication systems.
What is authentication?
Authentication involves determining whether a user is, in fact, who he or she claims to be. Authentication can be conducted through the use of logon passwords, single sign-on (SSO) systems, biometrics, digital certificates and a public key infrastructure (PKI).
User authentication is critical to ensure proper authorization and access to systems and services, especially since data theft and information security threats are becoming more advanced. Although authentication cannot completely stop information and identity theft, we can make sure that our resources are protected throughout several authentication methods.
There are three factors of authentication to consider: something you know, such as a user ID and password; something you have, such as a smart card; and something you are, which refers to a physical characteristic, like a fingerprint that is verified using biometric technology. These factors can be used alone, or they can be combined to build a stronger authentication strategy in what is known as two-factor or multifactor authentication. This guide reviews the methods associated with all three authentication factors.
EXPLORING AUTHENTICATION METHODS
Introduction: What is authentication?
ID and password authentication
Biometric authentication devices, systems and implementation
Enterprise single sign-on: Easing the authentication process
PKI and digital certificate authentication and implementation
Security token and smart card authentication
This was first published in November 2008