Fortifying Your Network-Access Control

Posted by Curtis Franklin Jr. on January 28, 2005

Tags: Biometrics,  Hardware token,  Password,  Smart card,  Strong authentication,  Three-factor,  Two-factor,  Authentication,  Data Protection,  Network Security,  Other,  Smart Cards

Channel: Data Protection, Other

Read On Review: Authentication Tools Using AD for Linux Authentication Survivor's Guide to 2005: Security Developing a Compliance-Driven Framework How to Configure Access Controls With Active Directory Remote Access Security Single Sign-On Still Stinks Goose Eggs iPass Buys Device 'Fingerprinting' for Secure Remote Access

Identity and access management was a $2.21 billion market in 2003, according to IDC, which expects the market to grow to $3.5 billion by 2008. This spending will be split among various pieces of authentication technology, from user information databases to authentication servers, and middleware to hardware tokens. As the fragments are integrated, authentication will be strengthened by requiring two, three or more factors to assert identity, and by SSO (single sign-on), in which multiple passwords and logins associated with different networks and applications are replaced by a one-time authentication at the beginning of a user's workday.

The Evolution of Identity

In the beginning was the user name, and it was good--for a while. Then came the password and with it, single-factor authentication--your identity is ensured by something known (theoretically) only to you. For the majority of organizations we polled, authentication still requires solely a user name and password, and for some applications, that's enough. However, when companies try to make passwords more secure by requiring frequent changes and to make passwords stronger by requiring a mix of numbers and characters and banning words found in common dictionaries, they often run up against the limits of human memory. Users may write their passwords on Post-its or forget their passwords and place calls to the helpdesk--calls that costs, according to industry estimates, between $10 and $35 each. Add to that the fact that passwords are prone to theft when written down, used in some remote and wireless network-access applications, or attacked through worms or keystroke-logging spyware, and the need for another level of identity assurance is clear.

That bring us to two-factor authentication, which adds something you possess--usually a hardware authentication token--to something you know. This is the setup more companies are moving toward as they seek to replace the requirements of strong passwords with the security of a single-use PIN token.