
Why password-only authentication is passé

Mobility, cloud, BYOD lead to surge in two-factor authentication schemes  

By Bob Violino, Network World
June 10, 2013 06:09 AM ET

Network World - The rapid growth of mobile devices that can access corporate networks and data, the expanding use of cloud-based IT services, and the increasing popularity of apps such as online banking mean that IT needs to pay closer attention to authentication.

Ensuring that users are who they claim to be can keep enterprises from experiencing damaging security breaches and the loss or theft of data.

For many companies, the multi-factor (or two-factor) approach to authentication — the process of identifying an individual based on more than one factor such as a user name, password, smartcard or biometric attribute — promises the best way to ensure someone’s true identity.

While multi-factor authentication has been around for years (think of automated teller machines that require ATM cards and personal identification numbers), things are quickly changing and demand for stronger authentication is on the rise.

Two main trends are having an impact on authentication, says Forrester analyst Eve Maler. One is the increasing frequency of security breaches that expose user passwords, other security data, and personally identifiable information. The other is the ubiquity of mobile devices.

“While password-only authentication is still the norm for many online services, more services are enabling optional two-factor authentication,” Maler says. “Mobile devices have two roles in this landscape: new platforms for online apps that users need to log in to, and new tools that can be used to assist authentication into other channels, such as a browser on a laptop.”

In a recent report on authentication, IDC said that the security authentication market is poised for change based on a number of market disruptions and technological advancements in the “identity ecosystem.”

These include:

  • The explosion of social networking and the increasing number of identities online, including those considered duplicates, misclassified and undesirable.
  • The use of consumer devices in the enterprise.
  • The need for and ability to add contextual awareness to the identity and transaction ecosystem.
  • The proliferation and maturation of authentication standards (including OpenID Connect, OAuth, Simple Cloud Identity Management, Security Assertion Markup Language and others) driving interoperability between internal and external identity systems.
  • Public sector initiatives sponsored by the National Strategy for Trusted Identities that are aimed at accelerating progress toward interoperability between legacy identity and trusted online credentials.
  • The emergence of authentication services, both on-premise and off-premise, from various providers.
  • And the use of multi-layered authentication approaches and techniques that include content delivery networks, electronic credentials, shared secrets, alternative channels, analytic systems and managed services.

The demand for stronger authentication has developed at all levels of society and business interaction, IDC says. Form factors for multi-factor authentication have “morphed from traditional tokens to USB devices to smart cards to fingerprint readers, soft tokens and scanning devices,” the firm says.
