Security is one of the areas of spending in which the budget rarely gets smaller because security is important to every organization. It’s critical that only authorized users are able to access enterprise applications and information.
As phishing and other social engineering attacks proliferate, IT departments look for new ways to ensure the person logging in to the account is the person to whom the account belongs. The search for greater security leads most of these departments toward multifactor authentication.
Three basic factors of authentication
There are three basic “factors” of authentication: something you know, something you are, and something you have.
In the most common authentication scheme, a single factor is used. We’re all familiar with the basic username and password combination that introduces everyone to the idea of authentication. That is single-factor authentication, since it’s all about what you know.
For a growing number of companies, that single factor is no longer enough, especially since it involves information that can easily be shared, stolen, or coaxed from a user.
Time to get physical?
One form of authentication most often talked about now is biometrics—that is, using something you are to authenticate an account.
A wide variety of body parameters can be used as authentication factors, ranging from fingerprints and handprints to facial recognition and iris scans. It’s even possible to use the unique characteristics of an individual’s voice to authenticate the individual.
One of the critical points of deploying any form of biometric authentication is that workstations must have the hardware necessary to “read” the biometric information.
While still not universal, many laptop computers and desktop workstation keyboards are available with fingerprint scanners, though care must be taken when looking at specifications. Some scanners will require more user training than others for reliable, consistent use.
Cameras and microphones built into laptop workstations can be used for facial and voice-pattern recognition, while cameras, microphones, and fingerprint readers can be added via USB to either laptop or desktop systems until new, biometric-ready systems can be purchased on the refresh schedule.
Relying on token security
The third factor in authentication is something you have. This is most frequently a one-time token generated by a dedicated device or, increasingly, by an app on a smartphone. In this authentication, after providing a username and password, the user must provide the numeric token displayed on the token-generating device.
In all forms of authentication, IT departments must weigh security against usability. With today’s technology, it would be entirely possible to require four or five different forms of authentication to log in to an account. But how many users have access to information that is so valuable that it justifies a ten-minute routine in order to log in? Adding just a second factor, especially one that can’t be easily shared or stolen, provides significant security with minimal impact on usability.