Increased online fraud and new industry regulations are driving companies to search for stronger authentication methods. The
problem is there's little agreement on the best authentication method or what constitutes multifactor authentication.
Authentication: Where's the magic factor?
04/24/06
Soft tokens at the new Interop show 01/16/06
Regulating two-factor authentication 10/10/05
Is two-factor authentication too little, too late? It's not enough 04/04/05
New attack fells Internet Explorer
11/22/09
A hacker has posted attack code that could be used to break into a PC running older versions of Microsoft's Internet Explorer browser.
Google Chrome OS on the PC World Podcast
11/21/09
In this week's special (and slightly long) episode of the PC World podcast, editors Robert Strohmeyer, Tim Moynihan, Melissa Perenson, and Nick Mediati discuss the just-announced Google Chrome OS.
LG NAS Adds Blu-ray Drive
11/21/09
LG's N4B1 NAS box is neither a comprehensive media server nor a particularly fast performer, but as a network-attached storage device, it's quick enough for home/small-business file serving. The unit--available at this writing for around $700--is also the sturdiest and quite possibly the best-looking such box I've had my hands on. You also can't beat it's HTML configuration interface for looks or ease of learning and use. But none of that compares to the N4B1's most outstanding feature: an integrated Blu-ray burner, unique among NAS products in the SMB/SOHO market.
However, a set of best practices is slowly emerging that will help you develop a strong authentication program.
The first step is a basic one. Before jumping ahead to buying hardware tokens and face-recognition scanners, you need to thoroughly understand your risks.
 |
| Richard Hansberger, eNotarization director for the National Notary Association in Chatsworth, Calif. |
"When it comes to authentication, there is no one-size-fits-all solution," says Sally Hudson, an analyst at IDC. "Much depends on the level of security needed by the end user."
For example, most banks will probably offer different levels of access. For accounts that are high risk, the bank will issue tokens or smart cards. For customers who pose lower risks, the bank will more likely use software-only authentication, Hudson says.
Security consultant Bruce Schneier agrees that it's important to identify the problem before you decide on authentication. "You have to step back and make sure that there is an authentication problem that needs to be solved," he says. "If there is, then two-factor authentication will make an enormous amount of difference. If there isn't, then it won't."
|
Eight steps to better authentication
|
|
|---|---|
| • | Measure risk. |
| • | Assess user base. |
| • | Choose solution that matches user base and risks. |
| • | Build business practices around authentication. |
| • | Conduct pilot test and phased rollout. |
| • | Tie in with other layers of security. |
| • | Monitor, measure, audit and review. |
| • | Roll out additional tiers of authentication or security layers as users and risks change. |
There are three key questions to ask when setting up an authentication system, according to Karen Devine of RSA Security:
1. Who are you? Is this person an employee, a partner or a customer? Different levels of authentication would be set up for different types of people.
2. Where are you? For example, an employee who has already used a badge to access the building is less of a risk than an employee or partner logging on remotely. Someone logging on from a known IP address is less of a risk than someone logging on from Nigeria or Kazakhstan.
3. What do you want? Is this person accessing sensitive or proprietary information or simply gaining access to benign data?
When dealing with consumer-facing applications, such as online banking and e-commerce, strong authentication must be balanced with convenience. "There's a trade-off between increased protection and turning customers away from your online channel," cautions Kathie Claypool, senior vice president of e-commerce for Bank of America.
If it's too difficult to bank or shop online, users will go back to the brick-and-mortars.
|
Does Verizon's Voyager stack up to the iPhone? |
5 IT skills that won't boost your salary 
[1,407]
Women 4 times more likely than men to cough up personal info [589]
Japan's 10 funniest tech-related commercials [Videos] [407]
Throwing away a promo CD is "unauthorized distribution"? [1,265]
Adults too quick to dismiss educational video games [682]
Attack of the iPhone clones [Slideshow] [578]
10 things IT needs to know about AJAX [1,258]
This Year's 25 Geekiest 25th Anniversaries [Slideshow] [409]
Network World on Twitter: Get our tweets and stay plugged in to networking news