Two-factor authentication: Hot technology for 2008

Where there’s a will, there’s a way

We've known for a long time that requiring just a user name and password to get on the network or to access personal information on a Web site isn't the tightest security posture, but there weren't a lot of good alternatives, and there wasn't that much pressure to change.

Now, with new federal regulations, with tough industry standards bearing down and with identity fraud and phishing running rampant, simple user name and password doesn't cut it anymore.

Luckily, there are plenty of good options out there for implementing two-factor authentication. Options that don't require public-key infrastructure. And options that don't rely on esoteric biometric techniques such as retinal scans or voice prints.

For example, Secure Computing offers a two-factor authentication platform that generates single-use passwords. End users launch the SafeWord Premier Access application to retrieve the one-time password. Secure Computing has also launched an application for handhelds and other mobile devices.

Ebay is offering its PayPal customers a US$5 security key based on VeriSign's One-Time Password Token product. The device issues a new numeric password every 30 seconds.

And there are plenty of innovative two-factor authentication methods out there. For example, Positive Networks uses phones as a way to authenticate users. An end user logging onto their computer triggers a phone call to a designated number. The user then punches in a PIN, which triggers access to the network.

A company called BioPassword uses "keystroke dynamics" to identify a user by the simple way that they type in their user name and password. If the typing rhythm matches, then the user is allowed in.

Then there's a company called PassFaces, which asks users to recognize a pre-determined human face from among a bunch of faces displayed on the screen. It's simple and doesn't require that end users have a physical token or remember a set of numbers.

At this point it almost doesn't matter what type of two-factor authentication you choose - token, key, biometrics, cognitive. The important thing is to make sure that you move beyond user name and password when letting users onto your network and onto your Web site.

Read about the other seven hot technologies for 2008:

Data leakage prevention: Hot technology for 2008
NAC: Hot technology for 2008
Web 2.0: Hot technology for 2008
iSCSI: Hot technology for 2008
802.11n: Hot technology for 2008
Green IT: Hot technology for 2008
Virtualization: Hot technology for 2008

Show Comments