A strong authentication solution that validates the identities of users and computing devices that access the non-public areas of an organization’s network is the first step in building a secure and robust information protection system.
1. Match Your Authentication Solution to Your Business, Users, and Risk
A flexible approach that enables an organization to implement different authentication methods based on different risk levels may ensure a robust system that can be efficiently and cost-effectively deployed.
Technologies for multi-factor authentication include:
One-Time Passwords (OTP): OTP technology is based on a shared secret or seed that is stored on the authentication device and the authentication backend. This method ensures authentication by generating a one-time passcode based on the token’s secret.
Certificate-based Authentication (CBA): This method ensures authentication using a public and private encryption key that is unique to the authentication device and the person who possesses it. CBA tokens can also be used to digitally sign transactions and to ensure non-repudiation. Thales delivers certificate-based authentication via Mobile tokens
Context-based Authentication: Context-based authentication uses contextual information to ascertain whether a user’s identity is authentic or not, and is recommended as a complement to other strong authentication technologies.
In order to develop a robust authentication solution, organizations should consider their business, users, and risk, and select a solution that provides them with the flexibility to adapt as needed. For example, if organizations are interested in implementing additional security solutions that rely on PKI technology, such as full-disk encryption, network logon, and digital signatures, or are thinking about adding such solutions in the future, they should consider CBA, as it enables these applications.
2. Prefer Solutions That Adhere to Standards-Based Security and Certifications
Products that are built upon standards-based crypto-algorithms and authentication protocols are preferred. Unlike proprietary algorithms, standards-based algorithms have gone through public scrutiny by industry and security experts, which reduces the chance of any inherent weaknesses or vulnerabilities. Moreover, they enjoy broad industry support.