Increased online fraud and new industry regulations are driving companies to search for stronger authentication methods. The
problem is there's little agreement on the best authentication method or what constitutes multifactor authentication.
However, a set of best practices is slowly emerging that will help you develop a strong authentication program.
The first step is a basic one. Before jumping ahead to buying hardware tokens and face-recognition scanners, you need to thoroughly understand your risks.
[Photo: Richard Hansberger, eNotarization director for the National Notary Association in Chatsworth, Calif.]
"When it comes to authentication, there is no one-size-fits-all solution," says Sally Hudson, an analyst at IDC. "Much depends on the level of security needed by the end user."
For example, most banks will probably offer different levels of access. For accounts that are high risk, the bank will issue tokens or smart cards. For customers who pose lower risks, the bank will more likely use software-only authentication, Hudson says.
Security consultant Bruce Schneier agrees that it's important to identify the problem before you decide on authentication. "You have to step back and make sure that there is an authentication problem that needs to be solved," he says. "If there is, then two-factor authentication will make an enormous amount of difference. If there isn't, then it won't."
Eight steps to better authentication

- Measure risk.
- Assess user base.
- Choose solution that matches user base and risks.
- Build business practices around authentication.
- Conduct pilot test and phased rollout.
- Tie in with other layers of security.
- Monitor, measure, audit and review.
- Roll out additional tiers of authentication or security layers as users and risks change.

There are three key questions to ask when setting up an authentication system, according to Karen Devine of RSA Security:
1. Who are you? Is this person an employee, a partner or a customer? Different levels of authentication would be set up for different types of people.
2. Where are you? For example, an employee who has already used a badge to access the building is less of a risk than an employee or partner logging on remotely. Someone logging on from a known IP address is less of a risk than someone logging on from Nigeria or Kazakhstan.
3. What do you want? Is this person accessing sensitive or proprietary information or simply gaining access to benign data?
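
One way to turn these three questions into a policy decision, as an added example that is not from the article or from RSA Security. The network ranges, risk weights, thresholds and tier names are all assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass

# All values below are constructed assumptions, not taken from the article.
KNOWN_NETWORKS = [ipaddress.ip_network("10.20.0.0/16"),
                  ipaddress.ip_network("198.51.100.0/24")]
WHO_RISK = {"employee": 0, "partner": 1, "customer": 1}
WHAT_RISK = {"benign": 0, "internal": 1, "sensitive": 3}

@dataclass
class Request:
    user_type: str    # 1. Who are you?
    source_ip: str    # 2. Where are you?
    badged_in: bool   #    already passed a building badge reader
    resource: str     # 3. What do you want?

def where_risk(req: Request) -> int:
    """Score location: badge + known network < known network < anywhere else."""
    addr = ipaddress.ip_address(req.source_ip)  # ValueError on malformed input
    known = any(addr in net for net in KNOWN_NETWORKS)
    if known and req.badged_in:
        return 0
    return 1 if known else 2

def required_auth(req: Request) -> str:
    """Return the authentication tier to demand, failing closed on bad input."""
    if req.user_type not in WHO_RISK or req.resource not in WHAT_RISK:
        return "deny"
    try:
        location = where_risk(req)
    except ValueError:
        return "deny"
    score = WHO_RISK[req.user_type] + location + WHAT_RISK[req.resource]
    if score <= 1:
        return "password"
    if score <= 3:
        return "password+software_factor"
    return "password+hardware_token"

if __name__ == "__main__":
    # Constructed sample requests.
    for r in (Request("employee", "10.20.5.9", True, "benign"),
              Request("customer", "203.0.113.7", False, "benign"),
              Request("employee", "203.0.113.7", False, "sensitive")):
        print(r, "->", required_auth(r))
```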
When dealing with consumer-facing applications, such as online banking and e-commerce, strong authentication must be balanced with convenience. "There's a trade-off between increased protection and turning customers away from your online channel," cautions Kathie Claypool, senior vice president of e-commerce for Bank of America.
If it's too difficult to bank or shop online, users will go back to the brick-and-mortars.