SlideShare une entreprise Scribd logo

Two-Factor Authentication for Increased Online Security

Hai Nguyen
Hai Nguyen

Two-factor authentication provides stronger security than single-factor authentication like usernames and passwords alone. It requires two factors: something you know (like a password) and something you have (like a token, smart card, or biometric). This makes hacking accounts more difficult as possessing just a password is not enough. While more secure, two-factor authentication has additional costs and may be inconvenient for users. However, as technology advances, the use of two-factor authentication is growing in industries like banking and online brokerages to better protect customers.

Technologie
1  sur  16
Télécharger pour lire hors ligne
Two-Factor Authentication - 1 Two-Factor Authentication Abstract Today’s widespread use of single-factor authentication is in the midst of change. Both corporate and personal assets are at risk against people trying impersonating users and stealing money and information. Single-factor authentication methods such as the basic username/password combination are no longer sufficient enough. Two-factor authentication provides a significant increase in security. No longer will an un-secured password provide enough information to a hacker to allow a breach in security. The password or pin number must be used in conjunction the use of tokens, smart-cards or even biometrics. The combination of the two factors will provide companies make sure of the people accessing secure systems. Roger Elrod East Carolina University Summer 2005 DTEC 6870 Semester Project Due: July 17, 2005.
Two-Factor Authentication - 2 Table of Contents Two Factor Authentication ............................................................................................................. 3 Introduction ................................................................................................................................. 3 Single-Factor Authentication....................................................................................................... 3 Problems with Single-Factor Authentication........................................................................... 4 Two-Factor Authentication.......................................................................................................... 5 Biometrics used as the Second Factor. .................................................................................... 7 Pros and Cons of Two-Factor Authentication. ...................................................................... 10 Two-Factor Authentication in Industry.................................................................................. 11 Conclusion................................................................................................................................. 12 References..................................................................................................................................... 15
Two-Factor Authentication - 3 Two Factor Authentication Introduction If you are walking down the street and you ask for my name, how would you know I am telling you the truth? Well, since you would have no real reason to doubt me, you may just take my word on the matter. But if you were not a trusting sole, you may ask to see some identification. At that point, burden of proof would be on me. I could either decline the offer to prove my identity to you and just walk away, or I could reach for my driver’s license. Upon seeing the driver’s license, you could either proceed with the conversation believing that my driver’s license is real, or, you could just walk away or even report me to the authorities. The identification process in a face-to-face setting is pretty much that straight-forward. But in this day and age, how many times do we actually meet someone in person and have to wonder if they are who they say they are? Nowadays, more and more people are conducting business in cyberspace. Corporate networks and the Internet have opened up the opportunity for many lucrative business ventures. The aspect of identity authentication has become of a primary concern for all kinds of businesses. Single-Factor Authentication The most prevalent authentication type in use today is single-factor authentication. In short, single-factor authentication is your basic username/ password combination. The single factor in this case is something you know; your password. Most business networks and most internet sites use basic username/password combination to allow access to secured or private resources.
Two-Factor Authentication - 4 Problems with Single-Factor Authentication. How often are usernames and passwords utilized in the daily course of life? At the workplace, employees have to log into their corporate network at least once a day. Some companies still utilize multiple networks. Multiple networks add additional username/password combinations to remember and use. Still many other companies with mainframe capabilities require an additional login credentials. All of the different networks and mainframe’s then have different password standards and different lengths of time until the password will need to be changed. The second 50% of the combination, the password, is the main component of the phrase that is often miss-understood, miss-managed and too often taken for granted. Studies have shown that many users write down their password, choose easily guessed passwords, constantly re-use old passwords and sometimes share their passwords with other people. Technicians often report finding users password on sticky notes under the keyboard, or just stuck on the side of their monitor (Bigler 32). The Microsoft Corporation has attempted to mitigate one of the inherit problems with the username/password combination. Microsoft has been a proponent of the idea of using “Strong Passwords.” Instead of having people use common names for password, Microsoft has detailed the use of using a combination of letters, numbers, and special characters for passwords. While guessing someone’s password will be more difficult if the password is “#$#rU78!”, the use of strong passwords will still not deter individuals from writing their passwords down. In fact, the use of “strong passwords” will likely increase the number of times someone jots down their password, just so they do not forget it. (Wildstrom 26)
Two-Factor Authentication - 5 The common username/password combination is a form of single-factor authentication; the single factor being the password. Another form of authentication, two-factor authentication, is again starting to get noticed in the workplace. The increased use of two-factor authentication is helping to mitigate most of the problems of the basic username/ password system. If usernames are only utilized in the workplace then that might be something that an individual can handle. However, the Internet has thousands of sites that require even more user name and password combinations. This proliferation of “secure sites” causes individuals to undermine the whole idea of personal security. Many problems exist within the world of single-factor authentication. The first part of username/password combination, the username, may seem non-threatening in a security sense. However, in a single-factor authentication site, knowing the username, or even the current naming convention of the usernames within an organization already give the potential hacker/thief 50% of the information required to gain access to vital information. A would be hacker with knowledge of correct usernames can then use specially designed software to try to guess the password. Many people use their pet’s name as a password. Still others use their social security number as their password. While still a few trusting soles use the word “password” as their password. Many programs exist that will easily decipher passwords that use common words or names within seconds. Two-Factor Authentication Two-factor authentication provides a significant increase in security over the traditional username/password combination. The two factors of two factor authentication are: something you know and something you have. In the single-factor world of authentication, the password
Two-Factor Authentication - 6 was the “something you know” part. The additional factor, “something you have”, is the key component. The something you have component can either be tokens, smart cards, pin/tan’s, and biometrics (to be discussed later). Tokens display a set of numbers on a small screen. Usually, the set of numbers changes every minute. This number then is joined with the user’s password, or pin number to create a passcode. A correct passcode then authenticates the user to access the secure resources. Smart Cards are used in combination with a Smart Card reader. The user will insert the card and the card sends an encrypted message to the website or, the reader displays a unique code that the user will enter. PIN/TAN stands for personal identification number / transaction number. Consumers are provided with a sheet resembling a bingo card that contains many different numbers. Each number is used once to verify a transaction. The PIN/TAN method has grown in popularity in Europe. Biometric authentication uses biological aspects of the end user, such as fingerprints or iris scans to provide authentication. Other methods of biometrics includes E-signatures and key- stroke dynamics that not only record the final signature or word, but how the signature was either written or typed. (Buss 20) Immediately one can see the increased security of implementing some form of two-factor security. Since part of the passcode is an ever changing number, the threat of eavesdropping or password interception drops dramatically. Individuals may write down their pin number in order to remember it, however, without the combined number from the key fob, the password becomes useless.
Two-Factor Authentication - 7 Another side benefit of utilizing two-factor authentication is the decreased load on the internal or contracted help desk. According to the Help Desk Institute, seventeen percent of all calls are from individuals who have lost or forgotten their passwords. People will be less likely to remember a static pin number and these types of calls to the help desk will drop. (Fogarty 68). Biometrics used as the Second Factor. The use of tokens, smart cards and key fobs are the primary second factor in two-factor authentication. However, as technology advances, biometrics are taking and increasing role to insure the identity of individuals trying to access resources. “Biometric authentication is the verification of a user’s identity by means of a physical trait or behavioral characteristic that can't easily be changed, such as a fingerprint (Kay 26).” An alternative to key fobs, tokens or smart cards, using biometrics as a part of two-part authentication is a fairly old concept. While advances in technology make biometrics more conceivable cost wise, adopting this concept still is the most expensive alternative for resource security. Biometric authentication comes in many different combinations. Seven types that are going to be discussed are signature dynamics, typing patterns, eye scans, hand geometry, fingerprint recognition, voice recognition, and facial recognition. One of the most popular biometric choices is the signature dynamic authentications. Signature dynamics do more than just record the final image of the signature. This technology also records how the image was produced like the differences in pressure and the speed in which the image was written. Because of the increased amount of variables, the electronic signature is considered unforgeable (Kay 26).
Two-Factor Authentication - 8 Nationwide Building Society dropped its iris recognition technology in favor of electronic signature pads after observing the results of an in-house study. The study concluded that iris technology could not provide a close enough link between the identification of the person and the completed transaction. Gerry Coppell, Technology Development Controller for Nationwide states, “All the (iris) technology does is to say that ‘that person was standing there in that point in time (E-Signatures 14). MotionTouch produces the legally-compliant signature technology. The signature pad has the ability to record the X and Y coordinates of the written signature, while also recording the pens pressure. The following biometric data is captured in one signature: speed through the letters, rhythm, direction, flow, pressure, and the final result (E-signatures 14). Professional forgers maybe able to reproduce the final signature of another individual; however MotionTouch feels that it will be virtually impossible to reproduce exactly how the signature was created. Trials that included e-signature technology are reporting to show no false accepts or rejects (E-signatures 14). Another reason why Nationwide switched to e-signatures was the comfort level of the end-users. People are more comfortable writing down their signatures when compared with having their iris’s scanned. Coppell states, “It’s something they’re used to (E-signatures 14).” Typing pattern technology is similar to signature dynamics. The same way that the e- signature are recorded, typing pattern biometrics record the intervals between characters and the overall speed and pattern of typing.
Two-Factor Authentication - 9 Eye scans, or iris scans receive a lot of media attention and seems to be the sexy biometric to speak of. Iris scan technology has provided many sub-plots in movies and television. Many people are uncomfortable with iris scan technology. The ideas of having a laser scan any part of your body, much less and eyeball raises many health and safety concerns. However, these concerns are unfounded, and mostly based on myths. Iris scans do not use lasers to scan your eyes. A recognition camera takes a black and white photograph and uses and non-invasive, near infrared illumination that is barely visible and very safe (Davis 32). Fingerprints are a unique biometric that have been used for decades to identify individuals. Fingerprint recognition technology also takes up relatively little space for either the hardware, or the data they capture. However, the general public is uneasy about having their fingerprints captured and stored. Until the general public can overcome this objection, fingerprint recognition authentication devices will remain an option, but not the first choice (Kay 26). Hand or palm geometry devices are similar take fingerprint recognition devices one step further. These devices measure the entire hand and measure the length and angle of individual’s fingers. This method is much more user-friendly than retinal scan devices, however the hardware that supports these devices are bulky and hot easily transported (Kay 26). Voice recognition devices verify the speaker’s voice against stored patterns of speech, and facial recognition measures the contours of the face. Features like the outlines of the eye sockets, cheekbones, sides of the mouth, and exact location of the nose and eyes. Hairline
Two-Factor Authentication - 10 features are usually not examined because of the natural tendency of change in the hairline area (Kay 26). Pros and Cons of Two-Factor Authentication. While two-factor authentication may seem like the perfect cure-all for securing networks and resources, there are many security holes that this type of authentication will not protect against. Fake websites provide would-be hackers a way of getting personal information from individuals. The ‘store-front’ looks authentic, and the user ends up entering information like credit card numbers, social security numbers and bank account information directly into the hands of an identify thief. Two-factor authentication can not protect someone against this type of man-in-the-middle attack. Another type of security breech is if the would-be hacker already has access the computer itself. Then when the user accesses either company or internet resources, the attacker then attempts to piggyback on the transmission and either perform fraudulent transactions, or access secure resources. Trojan horse attacks like this one also cannot be prevented with two-factor authentication (Schneier 136) One last factor that may inhibit the introduction of two-factor authentication is the cost. In a two-factor authentication scheme where the second factor is the use of key fobs, or tokens, the costs of those devices alone can be any where between $75 and $100 per token. (Wine 13) For a company that employ’s hundreds of personnel, this initial cost can be quite high. For a company that has thousands of customers online, the cost of the tokens alone could reach into the millions of dollars. Then there is the cost of the infrastructure needed to support the system. Servers, licensing, Administrators and support personnel have to be compensated, server
Two-Factor Authentication - 11 hardware must be kept up-to-date, and support costs and product licensing must be paid. At first thought, only companies with deep pockets might be able to afford the ability to use this functionality. However, as Franklin Curtis of Network Computing states, “Every authentication system carries costs, even if you're using the authentication capabilities included in your network operating system or enterprise application…..And even with the simplest authentication schemes, developing a user database, assigning privileges, training and supporting users, and maintenance costs must be factored in.” (Curtis 36) Two-Factor Authentication in Industry. Even though two-factor authentication has been around for decades, its adoption into the business world has been slow. However E-Trade Financial and Bank of America have recently adopted this technology to protect their online customer base. E-trade Financial adopted two-factor security with a pilot that began in December of 2004. After an initial pilot of 240 users, E-trade is going to offer free authentication tokens for a select group on individuals. Security traders with more than $50,000 in combined assets, or individuals who regularly trade more than five trades a month will receive these tokens. E-Trade has partnered with Digital Security ID to help implement these improved security standards. Opponents of implementing token based authentication say that keeping up with the token will be an inconvenience. E-Trade President, Lou Klobuchar states, “"If they care about this, and they want this additional level of security, we're providing them with a solution. If there was no inconvenience whatsoever to using it, it wouldn't be much of a solution. (Trombly: 16)" Bank of America also has implemented a different form of two-factor security. By year- end 2005, Bank of America will utilize Passmark Security’s image-based system called SiteKey.
Two-Factor Authentication - 12 Gayle Wellborn, B of A’s online products and servicing executive, states that while this additional security will start out as an option, eventually, this will become mandatory for all of their 13.2 million online banking customers (Will 7). B of A is implementing this additional technology in response of a lawsuit by a Miami businessman. A cyber criminal from Latvia used a key-logging program to get account information from the business owner, and used that information to get $90,000 wired to his personal account (Trombly 24). Instead of using a token and randomly generated numbers to authenticate to the banking network, customers will enroll into the system by picking an image they will remember, writing a phrase, and then selecting three challenge questions (Will 7). On future visits, the customer will enter their user name and then the image they selected will be displayed on the screen, along with the phrase they input upon registration. The image and phrase will then confirm to the user that they are on an authentic B of A website, and not a counterfeit site (Will 7). Avivah Litan, a vice president and research director at Gartner Inc. in Stamford, Conn., said she has been recommending the imaged-based concept to banks, stating that the Passmark Security concept is a very practical method for implementing mutual, two-way, two-factor authentication (Will 7). Conclusion Heightened security methods are here to stay. Some companies are trying to increase their own security by tightening existing password policies. To increase security at a company to remain nameless, these following rules were implemented:
Two-Factor Authentication - 13 Table 1: Example of One Companies attempt to secure a username/password combination Password Expiration No Shorter than 90 days Password History Enforced for five iterations Password length Six to eight characters Password Composition One lower case letter One number NO special characters If the password needs to be written down Should be done in a secure manner. Note:Date taken from “Password Standards Can Improve Agency Workflows and Carrier Security.” By Alvito Vaz Security cannot be taken for granted. Security ‘improvements’ like the ones stated above illustrate the fact that the people making these ‘improvements’ do not have any idea about true security features. Passwords that expire no sooner than 90 days are susceptible to eavesdropping. Having a password history of only five iterations increases the ability to guess passwords through pattern matching. Password lengths of a maximum of eight characters are not long enough. By not allowing special characters, the password can be easily guessed. Lastly, there is actually a policy in place about how to write down passwords. Most companies, 87% according to a recent study, rely solely on user identification and passwords for authentication. Even though still in their infancy, the use of tokens, smart cards and biometrics drop unauthorized access breaches drop from typically to just 3% (Hackers 32). Companies will slowly realize that addition security features will be required. Two- factor authentication will slowly be adopted into mainstream corporate America. More and more, companies will implement some of the authentication methods discussed here. However, what about the future? If the token-based method of authentication goes into critical mass, there could be a time where individuals have to keep up with multiple tokens for different logins.
Two-Factor Authentication - 14 RSA Security already has a process in place to combat the overuse of token-based authenticators. Currently, companies using RSA technology have internal servers providing the authentication against the random numbers produced by the tokens. The service that RSA can now provide would authenticate an individual’s token against RSA host servers. This will allow individuals to and from RSA secured sites without having to maintain multiple tokens (Wolfe 1). While two-factor authentication will have to undergo a ramp-up period of any number of years for the general population to grasp, the online threats to both personal and business assets and resources will only increase over time. Tokens, smart-cards, and biometric authentication methods will become as common place soon as the regular ATM and pin numbers are now. Table 2 Company’s Specializing in Two-Factor Authentication ALADDIN Arlington Heights,ILL www.ealaddin.com AUTHENEX Hayward, Calif. www.authenex.com RSA SECURITY Bedford, Mass. www.rsasecuirity.com SECURE COMPUTING San Jose, Calif. www.securecomputing.com VASCO Oakbrook Terrace, 111. www.vasco.com VERISIGN Mountain View, Calif www.verisign.com Note: Data taken from “Another Obstacle for Hackers to Scale”, by Elizabeth Wine.
Two-Factor Authentication - 15 References Bigler, Mark. “Single Sign On.” Internal Auditor December 2004: 30-34. Buss, Dale. “Two Factor, Too Tough?” Securities Industries News June 6, 2005: 16-20. Curtis, Franklin. “Strong Authentication” Network Computing February 3, 2005:34. Davis, Russ. “Giving Body to Biometrics.” British Journal of Administrative Management April/May 2005: 32-33. “E-Signatures Win Over Iris Scans.” IEE Review January 2003: 14. Fogarty, Kevin. “Paying Less for Passwords.” Baseline December, 2004: 68. “Hackers Sharpen Their Blades.” Management Services May 2004: 32-33. Kay, Russell. “Biometric Authentication.” Computerworld April 4, 2005: 26. Schneier, Bruce. “Two-Factor Authentication: Too Little, Too Late.” Communications of the ACM April, 2005: 136. Trombly, Maria. “Bank of America Moves to Strong Authentication.” Securities Industry News February 28, 2005: 24. Trombly, Maria. “E-Trade Rolls out Two-Factor Identity Check.” Securities Industry News March 7, 2005: 16. Vaz, Alvito. “Password Standards Can Improve Agency Workflows and Carrier Security.” National Underwriter / Property & Casualty Risk & Benefits Management Edition June 9, 2003: 23-25. Wildstrom, Stephen. “Securing Your PC: You’re On Your Own.” Business Week May 26, 2003:26 Will, Wade. “B of A to Use 2-Part Verification.” American Banker May 31, 2005: 7. Wilson, Jeff. “Enemy at the Gates: The Evolution of Network Security.” Business
Two-Factor Authentication - 16 Communications Review Dec. 2004: 14-18. Wine, Elizabeth. “Another Obstacle for Hackers to Scale.” Treasury and Risk Management June2005: 13. Wolf, Daniel. “Weighing Costs, Potential of 2-Tier Security Devices.” American Banker March 2, 2005: 13. Wolfe, Daniel. “Two-Step Log-ins Push Aggregators to Adjust.” American Banker June 8 2005:1-2.

Recommandé

Two-factor Authentication
Two-factor AuthenticationTwo-factor Authentication
Two-factor AuthenticationPortalGuard dba PistolStar, Inc.
 
Combat the Latest Two-Factor Authentication Evasion Techniques
Combat the Latest Two-Factor Authentication Evasion TechniquesCombat the Latest Two-Factor Authentication Evasion Techniques
Combat the Latest Two-Factor Authentication Evasion TechniquesIBM Security
 
Seminar-Two Factor Authentication
Seminar-Two Factor AuthenticationSeminar-Two Factor Authentication
Seminar-Two Factor AuthenticationDilip Kr. Jangir
 
Why Two-Factor Authentication?
Why Two-Factor Authentication?Why Two-Factor Authentication?
Why Two-Factor Authentication?Fortytwo
 
Avoiding Two-factor Authentication? You're Not Alone
Avoiding Two-factor Authentication? You're Not AloneAvoiding Two-factor Authentication? You're Not Alone
Avoiding Two-factor Authentication? You're Not AlonePortalGuard
 
Two Factor Authentication
Two Factor AuthenticationTwo Factor Authentication
Two Factor AuthenticationNikhil Shaw
 
3 reasons your business can't ignore Two-Factor Authentication
3 reasons your business can't ignore Two-Factor Authentication3 reasons your business can't ignore Two-Factor Authentication
3 reasons your business can't ignore Two-Factor AuthenticationFortytwo
 
2 factor authentication 3 [compatibility mode]
2 factor authentication 3 [compatibility mode]2 factor authentication 3 [compatibility mode]
2 factor authentication 3 [compatibility mode]Hai Nguyen
 

Recommandé

Two-factor Authentication
Two-factor AuthenticationTwo-factor Authentication
Two-factor AuthenticationPortalGuard dba PistolStar, Inc.
 
Combat the Latest Two-Factor Authentication Evasion Techniques
Combat the Latest Two-Factor Authentication Evasion TechniquesCombat the Latest Two-Factor Authentication Evasion Techniques
Combat the Latest Two-Factor Authentication Evasion TechniquesIBM Security
 
Seminar-Two Factor Authentication
Seminar-Two Factor AuthenticationSeminar-Two Factor Authentication
Seminar-Two Factor AuthenticationDilip Kr. Jangir
 
Why Two-Factor Authentication?
Why Two-Factor Authentication?Why Two-Factor Authentication?
Why Two-Factor Authentication?Fortytwo
 
Avoiding Two-factor Authentication? You're Not Alone
Avoiding Two-factor Authentication? You're Not AloneAvoiding Two-factor Authentication? You're Not Alone
Avoiding Two-factor Authentication? You're Not AlonePortalGuard
 
Two Factor Authentication
Two Factor AuthenticationTwo Factor Authentication
Two Factor AuthenticationNikhil Shaw
 
3 reasons your business can't ignore Two-Factor Authentication
3 reasons your business can't ignore Two-Factor Authentication3 reasons your business can't ignore Two-Factor Authentication
3 reasons your business can't ignore Two-Factor AuthenticationFortytwo
 
2 factor authentication 3 [compatibility mode]
2 factor authentication 3 [compatibility mode]2 factor authentication 3 [compatibility mode]
2 factor authentication 3 [compatibility mode]Hai Nguyen
 
Two factor authentication presentation mcit
Two factor authentication presentation mcitTwo factor authentication presentation mcit
Two factor authentication presentation mcitmmubashirkhan
 
Two factor authentication 2018
Two factor authentication 2018Two factor authentication 2018
Two factor authentication 2018Will Adams
 
TWO FACTOR AUTHENTICATION - COMPREHENSIVE GUIDE
TWO FACTOR AUTHENTICATION - COMPREHENSIVE GUIDETWO FACTOR AUTHENTICATION - COMPREHENSIVE GUIDE
TWO FACTOR AUTHENTICATION - COMPREHENSIVE GUIDECTM360
 
Adding Two Factor Authentication to your App with Authy
Adding Two Factor Authentication to your App with AuthyAdding Two Factor Authentication to your App with Authy
Adding Two Factor Authentication to your App with AuthyNick Malcolm
 
Two factor authentication-in_your_network_e_guide
Two factor authentication-in_your_network_e_guideTwo factor authentication-in_your_network_e_guide
Two factor authentication-in_your_network_e_guideNick Owen
 
Two Factor Authentication: Easy Setup, Major Impact
Two Factor Authentication: Easy Setup, Major ImpactTwo Factor Authentication: Easy Setup, Major Impact
Two Factor Authentication: Easy Setup, Major ImpactSalesforce Admins
 
Securing corporate assets_with_2_fa
Securing corporate assets_with_2_faSecuring corporate assets_with_2_fa
Securing corporate assets_with_2_faHai Nguyen
 
Two Factor Authentication Made Easy ICWE 2015
Two Factor Authentication Made Easy ICWE 2015Two Factor Authentication Made Easy ICWE 2015
Two Factor Authentication Made Easy ICWE 2015Alex Q. Chen
 
Two-factor Authentication
Two-factor AuthenticationTwo-factor Authentication
Two-factor AuthenticationPortalGuard dba PistolStar, Inc.
 
Session 7 e_raja_kailar
Session 7 e_raja_kailarSession 7 e_raja_kailar
Session 7 e_raja_kailarHai Nguyen
 
Sp 29 two_factor_auth_guide
Sp 29 two_factor_auth_guideSp 29 two_factor_auth_guide
Sp 29 two_factor_auth_guideHai Nguyen
 
Sms based otp
Sms based otpSms based otp
Sms based otpHai Nguyen
 
Mobile authentication
Mobile authenticationMobile authentication
Mobile authenticationHai Nguyen
 
120 i143
120 i143120 i143
120 i143Hai Nguyen
 
Mobile Security for the Enterprise
Mobile Security for the EnterpriseMobile Security for the Enterprise
Mobile Security for the EnterpriseWill Adams
 
Webinar - Easy multi factor authentication strategies and PCI DSS
Webinar - Easy multi factor authentication strategies and PCI DSSWebinar - Easy multi factor authentication strategies and PCI DSS
Webinar - Easy multi factor authentication strategies and PCI DSSonionid12
 
Stronger/Multi-factor Authentication for Enterprise Applications
Stronger/Multi-factor Authentication for Enterprise ApplicationsStronger/Multi-factor Authentication for Enterprise Applications
Stronger/Multi-factor Authentication for Enterprise ApplicationsRamesh Nagappan
 
Introduction to Solus
Introduction to SolusIntroduction to Solus
Introduction to SolusSolus
 
IRJET-Enhancement of Security using 2-Factor Authentication, 2nd Factor being...
IRJET-Enhancement of Security using 2-Factor Authentication, 2nd Factor being...IRJET-Enhancement of Security using 2-Factor Authentication, 2nd Factor being...
IRJET-Enhancement of Security using 2-Factor Authentication, 2nd Factor being...IRJET Journal
 
SolusDeck
SolusDeckSolusDeck
SolusDeckandreeabrodo
 
Simple Two Factor Authentication
Simple Two Factor AuthenticationSimple Two Factor Authentication
Simple Two Factor AuthenticationJohn Congdon
 
Captcha Seminar report 2014 pdf
Captcha Seminar report 2014 pdfCaptcha Seminar report 2014 pdf
Captcha Seminar report 2014 pdfGanesh Dhage
 

Contenu connexe

Tendances

Two factor authentication presentation mcit
Two factor authentication presentation mcitTwo factor authentication presentation mcit
Two factor authentication presentation mcitmmubashirkhan
 
Two factor authentication 2018
Two factor authentication 2018Two factor authentication 2018
Two factor authentication 2018Will Adams
 
TWO FACTOR AUTHENTICATION - COMPREHENSIVE GUIDE
TWO FACTOR AUTHENTICATION - COMPREHENSIVE GUIDETWO FACTOR AUTHENTICATION - COMPREHENSIVE GUIDE
TWO FACTOR AUTHENTICATION - COMPREHENSIVE GUIDECTM360
 
Adding Two Factor Authentication to your App with Authy
Adding Two Factor Authentication to your App with AuthyAdding Two Factor Authentication to your App with Authy
Adding Two Factor Authentication to your App with AuthyNick Malcolm
 
Two factor authentication-in_your_network_e_guide
Two factor authentication-in_your_network_e_guideTwo factor authentication-in_your_network_e_guide
Two factor authentication-in_your_network_e_guideNick Owen
 
Two Factor Authentication: Easy Setup, Major Impact
Two Factor Authentication: Easy Setup, Major ImpactTwo Factor Authentication: Easy Setup, Major Impact
Two Factor Authentication: Easy Setup, Major ImpactSalesforce Admins
 
Securing corporate assets_with_2_fa
Securing corporate assets_with_2_faSecuring corporate assets_with_2_fa
Securing corporate assets_with_2_faHai Nguyen
 
Two Factor Authentication Made Easy ICWE 2015
Two Factor Authentication Made Easy ICWE 2015Two Factor Authentication Made Easy ICWE 2015
Two Factor Authentication Made Easy ICWE 2015Alex Q. Chen
 
Session 7 e_raja_kailar
Session 7 e_raja_kailarSession 7 e_raja_kailar
Session 7 e_raja_kailarHai Nguyen
 
Sp 29 two_factor_auth_guide
Sp 29 two_factor_auth_guideSp 29 two_factor_auth_guide
Sp 29 two_factor_auth_guideHai Nguyen
 
Mobile authentication
Mobile authenticationMobile authentication
Mobile authenticationHai Nguyen
 
Mobile Security for the Enterprise
Mobile Security for the EnterpriseMobile Security for the Enterprise
Mobile Security for the EnterpriseWill Adams
 
Webinar - Easy multi factor authentication strategies and PCI DSS
Webinar - Easy multi factor authentication strategies and PCI DSSWebinar - Easy multi factor authentication strategies and PCI DSS
Webinar - Easy multi factor authentication strategies and PCI DSSonionid12
 
Stronger/Multi-factor Authentication for Enterprise Applications
Stronger/Multi-factor Authentication for Enterprise ApplicationsStronger/Multi-factor Authentication for Enterprise Applications
Stronger/Multi-factor Authentication for Enterprise ApplicationsRamesh Nagappan
 
Introduction to Solus
Introduction to SolusIntroduction to Solus
Introduction to SolusSolus
 
IRJET-Enhancement of Security using 2-Factor Authentication, 2nd Factor being...
IRJET-Enhancement of Security using 2-Factor Authentication, 2nd Factor being...IRJET-Enhancement of Security using 2-Factor Authentication, 2nd Factor being...
IRJET-Enhancement of Security using 2-Factor Authentication, 2nd Factor being...IRJET Journal
 

Tendances (20)

Two factor authentication presentation mcit
Two factor authentication presentation mcitTwo factor authentication presentation mcit
Two factor authentication presentation mcit
 
Two factor authentication 2018
Two factor authentication 2018Two factor authentication 2018
Two factor authentication 2018
 
TWO FACTOR AUTHENTICATION - COMPREHENSIVE GUIDE
TWO FACTOR AUTHENTICATION - COMPREHENSIVE GUIDETWO FACTOR AUTHENTICATION - COMPREHENSIVE GUIDE
TWO FACTOR AUTHENTICATION - COMPREHENSIVE GUIDE
 
Adding Two Factor Authentication to your App with Authy
Adding Two Factor Authentication to your App with AuthyAdding Two Factor Authentication to your App with Authy
Adding Two Factor Authentication to your App with Authy
 
Two factor authentication-in_your_network_e_guide
Two factor authentication-in_your_network_e_guideTwo factor authentication-in_your_network_e_guide
Two factor authentication-in_your_network_e_guide
 
Two Factor Authentication: Easy Setup, Major Impact
Two Factor Authentication: Easy Setup, Major ImpactTwo Factor Authentication: Easy Setup, Major Impact
Two Factor Authentication: Easy Setup, Major Impact
 
Securing corporate assets_with_2_fa
Securing corporate assets_with_2_faSecuring corporate assets_with_2_fa
Securing corporate assets_with_2_fa
 
Two Factor Authentication Made Easy ICWE 2015
Two Factor Authentication Made Easy ICWE 2015Two Factor Authentication Made Easy ICWE 2015
Two Factor Authentication Made Easy ICWE 2015
 
Two-factor Authentication
Two-factor AuthenticationTwo-factor Authentication
Two-factor Authentication
 
Session 7 e_raja_kailar
Session 7 e_raja_kailarSession 7 e_raja_kailar
Session 7 e_raja_kailar
 
Sp 29 two_factor_auth_guide
Sp 29 two_factor_auth_guideSp 29 two_factor_auth_guide
Sp 29 two_factor_auth_guide
 
Sms based otp
Sms based otpSms based otp
Sms based otp
 
Mobile authentication
Mobile authenticationMobile authentication
Mobile authentication
 
120 i143
120 i143120 i143
120 i143
 
Mobile Security for the Enterprise
Mobile Security for the EnterpriseMobile Security for the Enterprise
Mobile Security for the Enterprise
 
Webinar - Easy multi factor authentication strategies and PCI DSS
Webinar - Easy multi factor authentication strategies and PCI DSSWebinar - Easy multi factor authentication strategies and PCI DSS
Webinar - Easy multi factor authentication strategies and PCI DSS
 
Stronger/Multi-factor Authentication for Enterprise Applications
Stronger/Multi-factor Authentication for Enterprise ApplicationsStronger/Multi-factor Authentication for Enterprise Applications
Stronger/Multi-factor Authentication for Enterprise Applications
 
Introduction to Solus
Introduction to SolusIntroduction to Solus
Introduction to Solus
 
IRJET-Enhancement of Security using 2-Factor Authentication, 2nd Factor being...
IRJET-Enhancement of Security using 2-Factor Authentication, 2nd Factor being...IRJET-Enhancement of Security using 2-Factor Authentication, 2nd Factor being...
IRJET-Enhancement of Security using 2-Factor Authentication, 2nd Factor being...
 
SolusDeck
SolusDeckSolusDeck
SolusDeck
 

En vedette

Simple Two Factor Authentication
Simple Two Factor AuthenticationSimple Two Factor Authentication
Simple Two Factor AuthenticationJohn Congdon
 
Captcha Seminar report 2014 pdf
Captcha Seminar report 2014 pdfCaptcha Seminar report 2014 pdf
Captcha Seminar report 2014 pdfGanesh Dhage
 
TWO-FACTOR DATA SECURITY PROTECTION MECHANISM FOR CLOUD STORAGE SYSTEM
TWO-FACTOR DATA SECURITY PROTECTION MECHANISM FOR CLOUD STORAGE SYSTEMTWO-FACTOR DATA SECURITY PROTECTION MECHANISM FOR CLOUD STORAGE SYSTEM
TWO-FACTOR DATA SECURITY PROTECTION MECHANISM FOR CLOUD STORAGE SYSTEMNexgen Technology
 
Digital preservation
Digital preservationDigital preservation
Digital preservationSarika Sawant
 
Cese de la relación laboral
Cese de la relación laboralCese de la relación laboral
Cese de la relación laboraljavomadurga
 
Multimodal Biometric Systems
Multimodal Biometric SystemsMultimodal Biometric Systems
Multimodal Biometric SystemsPiyush Mittal
 
GESTURE RECOGNITION TECHNOLOGY
GESTURE RECOGNITION TECHNOLOGYGESTURE RECOGNITION TECHNOLOGY
GESTURE RECOGNITION TECHNOLOGYjinal thakrar
 
PORTABLE CAMERA-BASED ASSISTIVE TEXT AND PRODUCT LABEL READING FROM HAND- H...
PORTABLE CAMERA-BASED ASSISTIVE TEXT AND PRODUCT LABEL READING FROM HAND- H...PORTABLE CAMERA-BASED ASSISTIVE TEXT AND PRODUCT LABEL READING FROM HAND- H...
PORTABLE CAMERA-BASED ASSISTIVE TEXT AND PRODUCT LABEL READING FROM HAND- H...Sathmica K
 
Computer science seminar topics
Computer science seminar topicsComputer science seminar topics
Computer science seminar topics123seminarsonly
 
Digital watermarking
Digital watermarkingDigital watermarking
Digital watermarkingAnkush Kr
 
Gesture recognition technology
Gesture recognition technology Gesture recognition technology
Gesture recognition technology Nagamani Gurram
 

En vedette (19)

Simple Two Factor Authentication
Simple Two Factor AuthenticationSimple Two Factor Authentication
Simple Two Factor Authentication
 
Captcha Seminar report 2014 pdf
Captcha Seminar report 2014 pdfCaptcha Seminar report 2014 pdf
Captcha Seminar report 2014 pdf
 
Wine (software)
Wine (software)Wine (software)
Wine (software)
 
Tipos de contrato
Tipos de contratoTipos de contrato
Tipos de contrato
 
TWO-FACTOR DATA SECURITY PROTECTION MECHANISM FOR CLOUD STORAGE SYSTEM
TWO-FACTOR DATA SECURITY PROTECTION MECHANISM FOR CLOUD STORAGE SYSTEMTWO-FACTOR DATA SECURITY PROTECTION MECHANISM FOR CLOUD STORAGE SYSTEM
TWO-FACTOR DATA SECURITY PROTECTION MECHANISM FOR CLOUD STORAGE SYSTEM
 
Digital preservation
Digital preservationDigital preservation
Digital preservation
 
Cese de la relación laboral
Cese de la relación laboralCese de la relación laboral
Cese de la relación laboral
 
Multimodal Biometric Systems
Multimodal Biometric SystemsMultimodal Biometric Systems
Multimodal Biometric Systems
 
GESTURE RECOGNITION TECHNOLOGY
GESTURE RECOGNITION TECHNOLOGYGESTURE RECOGNITION TECHNOLOGY
GESTURE RECOGNITION TECHNOLOGY
 
Ppt 1
Ppt 1Ppt 1
Ppt 1
 
wearable technology
wearable technology wearable technology
wearable technology
 
Gesture recognition
Gesture recognitionGesture recognition
Gesture recognition
 
Ppt on seminar
Ppt on seminarPpt on seminar
Ppt on seminar
 
PORTABLE CAMERA-BASED ASSISTIVE TEXT AND PRODUCT LABEL READING FROM HAND- H...
PORTABLE CAMERA-BASED ASSISTIVE TEXT AND PRODUCT LABEL READING FROM HAND- H...PORTABLE CAMERA-BASED ASSISTIVE TEXT AND PRODUCT LABEL READING FROM HAND- H...
PORTABLE CAMERA-BASED ASSISTIVE TEXT AND PRODUCT LABEL READING FROM HAND- H...
 
Computer science seminar topics
Computer science seminar topicsComputer science seminar topics
Computer science seminar topics
 
Digital watermarking
Digital watermarkingDigital watermarking
Digital watermarking
 
Gesture recognition technology
Gesture recognition technology Gesture recognition technology
Gesture recognition technology
 
Mobile commerce ppt
Mobile commerce pptMobile commerce ppt
Mobile commerce ppt
 
M commerce ppt
M commerce pptM commerce ppt
M commerce ppt
 

Similaire à Two-Factor Authentication for Increased Online Security

Multi Factor Authentication
Multi Factor AuthenticationMulti Factor Authentication
Multi Factor AuthenticationPing Identity
 
Iaetsd fpga implementation of rf technology and biometric authentication
Iaetsd fpga implementation of rf technology and biometric authenticationIaetsd fpga implementation of rf technology and biometric authentication
Iaetsd fpga implementation of rf technology and biometric authenticationIaetsd Iaetsd
 
1208 wp-two-factor-and-swivel-whitepaper
1208 wp-two-factor-and-swivel-whitepaper1208 wp-two-factor-and-swivel-whitepaper
1208 wp-two-factor-and-swivel-whitepaperHai Nguyen
 
Identity cues two factor data sheet
Identity cues two factor data sheetIdentity cues two factor data sheet
Identity cues two factor data sheetHai Nguyen
 
Three Step Multifactor Authentication Systems for Modern Security
Three Step Multifactor Authentication Systems for Modern SecurityThree Step Multifactor Authentication Systems for Modern Security
Three Step Multifactor Authentication Systems for Modern Securityijtsrd
 
Biometric Authentication Technology - Report
Biometric Authentication Technology - ReportBiometric Authentication Technology - Report
Biometric Authentication Technology - ReportNavin Kumar
 
5 Reasons Why Your Business Should Consider Strong Authentication!
5 Reasons Why Your Business Should Consider Strong Authentication!5 Reasons Why Your Business Should Consider Strong Authentication!
5 Reasons Why Your Business Should Consider Strong Authentication!Caroline Johnson
 
National Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness PresentationNational Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness PresentationJamie Proctor-Brassard
 
Multi Factor Authentication Whitepaper Arx - Intellect Design
Multi Factor Authentication Whitepaper Arx - Intellect DesignMulti Factor Authentication Whitepaper Arx - Intellect Design
Multi Factor Authentication Whitepaper Arx - Intellect DesignRajat Jain
 
Role Of Two Factor Authentication In Safeguarding Online Transactions
Role Of Two Factor Authentication In Safeguarding Online TransactionsRole Of Two Factor Authentication In Safeguarding Online Transactions
Role Of Two Factor Authentication In Safeguarding Online TransactionsITIO Innovex
 
Two-factor authentication- A sample writing _Zaman
Two-factor authentication- A sample writing _ZamanTwo-factor authentication- A sample writing _Zaman
Two-factor authentication- A sample writing _ZamanAsad Zaman
 
Brafton White Paper Example
Brafton White Paper ExampleBrafton White Paper Example
Brafton White Paper ExampleKayla Perry
 
Cyber Predicament by Text-Only Password Systems
Cyber Predicament by Text-Only Password SystemsCyber Predicament by Text-Only Password Systems
Cyber Predicament by Text-Only Password SystemsHitoshi Kokumai
 
Evolution of Digital Trust
Evolution of Digital TrustEvolution of Digital Trust
Evolution of Digital TrustBahaa Al Zubaidi
 
M-Pass: Web Authentication Protocol
M-Pass: Web Authentication ProtocolM-Pass: Web Authentication Protocol
M-Pass: Web Authentication ProtocolIJERD Editor
 
More Issues on Digital Identity (24Feb2023)
More Issues on Digital Identity (24Feb2023)More Issues on Digital Identity (24Feb2023)
More Issues on Digital Identity (24Feb2023)Hitoshi Kokumai
 

Similaire à Two-Factor Authentication for Increased Online Security (20)

Multi Factor Authentication
Multi Factor AuthenticationMulti Factor Authentication
Multi Factor Authentication
 
Iaetsd fpga implementation of rf technology and biometric authentication
Iaetsd fpga implementation of rf technology and biometric authenticationIaetsd fpga implementation of rf technology and biometric authentication
Iaetsd fpga implementation of rf technology and biometric authentication
 
1208 wp-two-factor-and-swivel-whitepaper
1208 wp-two-factor-and-swivel-whitepaper1208 wp-two-factor-and-swivel-whitepaper
1208 wp-two-factor-and-swivel-whitepaper
 
Identity cues two factor data sheet
Identity cues two factor data sheetIdentity cues two factor data sheet
Identity cues two factor data sheet
 
C02
C02C02
C02
 
Three Step Multifactor Authentication Systems for Modern Security
Three Step Multifactor Authentication Systems for Modern SecurityThree Step Multifactor Authentication Systems for Modern Security
Three Step Multifactor Authentication Systems for Modern Security
 
Biometric Authentication Technology - Report
Biometric Authentication Technology - ReportBiometric Authentication Technology - Report
Biometric Authentication Technology - Report
 
5 Reasons Why Your Business Should Consider Strong Authentication!
5 Reasons Why Your Business Should Consider Strong Authentication!5 Reasons Why Your Business Should Consider Strong Authentication!
5 Reasons Why Your Business Should Consider Strong Authentication!
 
Multi factor authentication issa0415-x9
Multi factor authentication issa0415-x9Multi factor authentication issa0415-x9
Multi factor authentication issa0415-x9
 
National Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness PresentationNational Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness Presentation
 
Multi Factor Authentication Whitepaper Arx - Intellect Design
Multi Factor Authentication Whitepaper Arx - Intellect DesignMulti Factor Authentication Whitepaper Arx - Intellect Design
Multi Factor Authentication Whitepaper Arx - Intellect Design
 
Role Of Two Factor Authentication In Safeguarding Online Transactions
Role Of Two Factor Authentication In Safeguarding Online TransactionsRole Of Two Factor Authentication In Safeguarding Online Transactions
Role Of Two Factor Authentication In Safeguarding Online Transactions
 
Evolution of MFA.pptx
Evolution of MFA.pptxEvolution of MFA.pptx
Evolution of MFA.pptx
 
Smart Password
Smart PasswordSmart Password
Smart Password
 
Two-factor authentication- A sample writing _Zaman
Two-factor authentication- A sample writing _ZamanTwo-factor authentication- A sample writing _Zaman
Two-factor authentication- A sample writing _Zaman
 
Brafton White Paper Example
Brafton White Paper ExampleBrafton White Paper Example
Brafton White Paper Example
 
Cyber Predicament by Text-Only Password Systems
Cyber Predicament by Text-Only Password SystemsCyber Predicament by Text-Only Password Systems
Cyber Predicament by Text-Only Password Systems
 
Evolution of Digital Trust
Evolution of Digital TrustEvolution of Digital Trust
Evolution of Digital Trust
 
M-Pass: Web Authentication Protocol
M-Pass: Web Authentication ProtocolM-Pass: Web Authentication Protocol
M-Pass: Web Authentication Protocol
 
More Issues on Digital Identity (24Feb2023)
More Issues on Digital Identity (24Feb2023)More Issues on Digital Identity (24Feb2023)
More Issues on Digital Identity (24Feb2023)
 

Plus de Hai Nguyen

Scc soft token datasheet
Scc soft token datasheetScc soft token datasheet
Scc soft token datasheetHai Nguyen
 
Rsa two factorauthentication
Rsa two factorauthenticationRsa two factorauthentication
Rsa two factorauthenticationHai Nguyen
 
Quest defender provides_secure__affordable_two-factor_authentication_for_okla...
Quest defender provides_secure__affordable_two-factor_authentication_for_okla...Quest defender provides_secure__affordable_two-factor_authentication_for_okla...
Quest defender provides_secure__affordable_two-factor_authentication_for_okla...Hai Nguyen
 
Pg 2 fa_tech_brief
Pg 2 fa_tech_briefPg 2 fa_tech_brief
Pg 2 fa_tech_briefHai Nguyen
 
Ouch 201211 en
Ouch 201211 enOuch 201211 en
Ouch 201211 enHai Nguyen
 
N ye c-rfp-two-factor-authentication
N ye c-rfp-two-factor-authenticationN ye c-rfp-two-factor-authentication
N ye c-rfp-two-factor-authenticationHai Nguyen
 
Multiple credentials-in-the-enterprise
Multiple credentials-in-the-enterpriseMultiple credentials-in-the-enterprise
Multiple credentials-in-the-enterpriseHai Nguyen
 
Ijcsi 9-4-2-457-462
Ijcsi 9-4-2-457-462Ijcsi 9-4-2-457-462
Ijcsi 9-4-2-457-462Hai Nguyen
 
Hotpin datasheet
Hotpin datasheetHotpin datasheet
Hotpin datasheetHai Nguyen
 
Ds netsuite-two-factor-authentication
Ds netsuite-two-factor-authenticationDs netsuite-two-factor-authentication
Ds netsuite-two-factor-authenticationHai Nguyen
 
Datasheet two factor-authenticationx
Datasheet two factor-authenticationxDatasheet two factor-authenticationx
Datasheet two factor-authenticationxHai Nguyen
 
Cryptomathic white paper 2fa for banking
Cryptomathic white paper 2fa for bankingCryptomathic white paper 2fa for banking
Cryptomathic white paper 2fa for bankingHai Nguyen
 
Citrix sb 0707-lowres
Citrix sb 0707-lowresCitrix sb 0707-lowres
Citrix sb 0707-lowresHai Nguyen
 
Attachment 1 – mitigation measures for two factor authentication compromise
Attachment 1 – mitigation measures for two factor authentication compromiseAttachment 1 – mitigation measures for two factor authentication compromise
Attachment 1 – mitigation measures for two factor authentication compromiseHai Nguyen
 
Ams 2 fa april 2013
Ams 2 fa april 2013Ams 2 fa april 2013
Ams 2 fa april 2013Hai Nguyen
 
10695 sidtfa sb_0210
10695 sidtfa sb_021010695 sidtfa sb_0210
10695 sidtfa sb_0210Hai Nguyen
 
9697 aatf sb_0808
9697 aatf sb_08089697 aatf sb_0808
9697 aatf sb_0808Hai Nguyen
 

Plus de Hai Nguyen (20)

Scc soft token datasheet
Scc soft token datasheetScc soft token datasheet
Scc soft token datasheet
 
Rsa two factorauthentication
Rsa two factorauthenticationRsa two factorauthentication
Rsa two factorauthentication
 
Quest defender provides_secure__affordable_two-factor_authentication_for_okla...
Quest defender provides_secure__affordable_two-factor_authentication_for_okla...Quest defender provides_secure__affordable_two-factor_authentication_for_okla...
Quest defender provides_secure__affordable_two-factor_authentication_for_okla...
 
Pg 2 fa_tech_brief
Pg 2 fa_tech_briefPg 2 fa_tech_brief
Pg 2 fa_tech_brief
 
Ouch 201211 en
Ouch 201211 enOuch 201211 en
Ouch 201211 en
 
N ye c-rfp-two-factor-authentication
N ye c-rfp-two-factor-authenticationN ye c-rfp-two-factor-authentication
N ye c-rfp-two-factor-authentication
 
Multiple credentials-in-the-enterprise
Multiple credentials-in-the-enterpriseMultiple credentials-in-the-enterprise
Multiple credentials-in-the-enterprise
 
Ijcsi 9-4-2-457-462
Ijcsi 9-4-2-457-462Ijcsi 9-4-2-457-462
Ijcsi 9-4-2-457-462
 
Hotpin datasheet
Hotpin datasheetHotpin datasheet
Hotpin datasheet
 
Gambling
GamblingGambling
Gambling
 
Ds netsuite-two-factor-authentication
Ds netsuite-two-factor-authenticationDs netsuite-two-factor-authentication
Ds netsuite-two-factor-authentication
 
Datasheet two factor-authenticationx
Datasheet two factor-authenticationxDatasheet two factor-authenticationx
Datasheet two factor-authenticationx
 
Csd6059
Csd6059Csd6059
Csd6059
 
Cryptomathic white paper 2fa for banking
Cryptomathic white paper 2fa for bankingCryptomathic white paper 2fa for banking
Cryptomathic white paper 2fa for banking
 
Citrix sb 0707-lowres
Citrix sb 0707-lowresCitrix sb 0707-lowres
Citrix sb 0707-lowres
 
Bi guardotp
Bi guardotpBi guardotp
Bi guardotp
 
Attachment 1 – mitigation measures for two factor authentication compromise
Attachment 1 – mitigation measures for two factor authentication compromiseAttachment 1 – mitigation measures for two factor authentication compromise
Attachment 1 – mitigation measures for two factor authentication compromise
 
Ams 2 fa april 2013
Ams 2 fa april 2013Ams 2 fa april 2013
Ams 2 fa april 2013
 
10695 sidtfa sb_0210
10695 sidtfa sb_021010695 sidtfa sb_0210
10695 sidtfa sb_0210
 
9697 aatf sb_0808
9697 aatf sb_08089697 aatf sb_0808
9697 aatf sb_0808
 

Dernier

How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditSkynet Technologies
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 

Dernier (20)

How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance Audit
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 

Two-Factor Authentication for Increased Online Security

  • 1. Two-Factor Authentication - 1 Two-Factor Authentication Abstract Today’s widespread use of single-factor authentication is in the midst of change. Both corporate and personal assets are at risk against people trying impersonating users and stealing money and information. Single-factor authentication methods such as the basic username/password combination are no longer sufficient enough. Two-factor authentication provides a significant increase in security. No longer will an un-secured password provide enough information to a hacker to allow a breach in security. The password or pin number must be used in conjunction the use of tokens, smart-cards or even biometrics. The combination of the two factors will provide companies make sure of the people accessing secure systems. Roger Elrod East Carolina University Summer 2005 DTEC 6870 Semester Project Due: July 17, 2005.
  • 2. Two-Factor Authentication - 2 Table of Contents Two Factor Authentication ............................................................................................................. 3 Introduction ................................................................................................................................. 3 Single-Factor Authentication....................................................................................................... 3 Problems with Single-Factor Authentication........................................................................... 4 Two-Factor Authentication.......................................................................................................... 5 Biometrics used as the Second Factor. .................................................................................... 7 Pros and Cons of Two-Factor Authentication. ...................................................................... 10 Two-Factor Authentication in Industry.................................................................................. 11 Conclusion................................................................................................................................. 12 References..................................................................................................................................... 15
  • 3. Two-Factor Authentication - 3 Two Factor Authentication Introduction If you are walking down the street and you ask for my name, how would you know I am telling you the truth? Well, since you would have no real reason to doubt me, you may just take my word on the matter. But if you were not a trusting sole, you may ask to see some identification. At that point, burden of proof would be on me. I could either decline the offer to prove my identity to you and just walk away, or I could reach for my driver’s license. Upon seeing the driver’s license, you could either proceed with the conversation believing that my driver’s license is real, or, you could just walk away or even report me to the authorities. The identification process in a face-to-face setting is pretty much that straight-forward. But in this day and age, how many times do we actually meet someone in person and have to wonder if they are who they say they are? Nowadays, more and more people are conducting business in cyberspace. Corporate networks and the Internet have opened up the opportunity for many lucrative business ventures. The aspect of identity authentication has become of a primary concern for all kinds of businesses. Single-Factor Authentication The most prevalent authentication type in use today is single-factor authentication. In short, single-factor authentication is your basic username/ password combination. The single factor in this case is something you know; your password. Most business networks and most internet sites use basic username/password combination to allow access to secured or private resources.
  • 4. Two-Factor Authentication - 4 Problems with Single-Factor Authentication. How often are usernames and passwords utilized in the daily course of life? At the workplace, employees have to log into their corporate network at least once a day. Some companies still utilize multiple networks. Multiple networks add additional username/password combinations to remember and use. Still many other companies with mainframe capabilities require an additional login credentials. All of the different networks and mainframe’s then have different password standards and different lengths of time until the password will need to be changed. The second 50% of the combination, the password, is the main component of the phrase that is often miss-understood, miss-managed and too often taken for granted. Studies have shown that many users write down their password, choose easily guessed passwords, constantly re-use old passwords and sometimes share their passwords with other people. Technicians often report finding users password on sticky notes under the keyboard, or just stuck on the side of their monitor (Bigler 32). The Microsoft Corporation has attempted to mitigate one of the inherit problems with the username/password combination. Microsoft has been a proponent of the idea of using “Strong Passwords.” Instead of having people use common names for password, Microsoft has detailed the use of using a combination of letters, numbers, and special characters for passwords. While guessing someone’s password will be more difficult if the password is “#$#rU78!”, the use of strong passwords will still not deter individuals from writing their passwords down. In fact, the use of “strong passwords” will likely increase the number of times someone jots down their password, just so they do not forget it. (Wildstrom 26)
  • 5. Two-Factor Authentication - 5 The common username/password combination is a form of single-factor authentication; the single factor being the password. Another form of authentication, two-factor authentication, is again starting to get noticed in the workplace. The increased use of two-factor authentication is helping to mitigate most of the problems of the basic username/ password system. If usernames are only utilized in the workplace then that might be something that an individual can handle. However, the Internet has thousands of sites that require even more user name and password combinations. This proliferation of “secure sites” causes individuals to undermine the whole idea of personal security. Many problems exist within the world of single-factor authentication. The first part of username/password combination, the username, may seem non-threatening in a security sense. However, in a single-factor authentication site, knowing the username, or even the current naming convention of the usernames within an organization already give the potential hacker/thief 50% of the information required to gain access to vital information. A would be hacker with knowledge of correct usernames can then use specially designed software to try to guess the password. Many people use their pet’s name as a password. Still others use their social security number as their password. While still a few trusting soles use the word “password” as their password. Many programs exist that will easily decipher passwords that use common words or names within seconds. Two-Factor Authentication Two-factor authentication provides a significant increase in security over the traditional username/password combination. The two factors of two factor authentication are: something you know and something you have. In the single-factor world of authentication, the password
  • 6. Two-Factor Authentication - 6 was the “something you know” part. The additional factor, “something you have”, is the key component. The something you have component can either be tokens, smart cards, pin/tan’s, and biometrics (to be discussed later). Tokens display a set of numbers on a small screen. Usually, the set of numbers changes every minute. This number then is joined with the user’s password, or pin number to create a passcode. A correct passcode then authenticates the user to access the secure resources. Smart Cards are used in combination with a Smart Card reader. The user will insert the card and the card sends an encrypted message to the website or, the reader displays a unique code that the user will enter. PIN/TAN stands for personal identification number / transaction number. Consumers are provided with a sheet resembling a bingo card that contains many different numbers. Each number is used once to verify a transaction. The PIN/TAN method has grown in popularity in Europe. Biometric authentication uses biological aspects of the end user, such as fingerprints or iris scans to provide authentication. Other methods of biometrics includes E-signatures and key- stroke dynamics that not only record the final signature or word, but how the signature was either written or typed. (Buss 20) Immediately one can see the increased security of implementing some form of two-factor security. Since part of the passcode is an ever changing number, the threat of eavesdropping or password interception drops dramatically. Individuals may write down their pin number in order to remember it, however, without the combined number from the key fob, the password becomes useless.
  • 7. Two-Factor Authentication - 7 Another side benefit of utilizing two-factor authentication is the decreased load on the internal or contracted help desk. According to the Help Desk Institute, seventeen percent of all calls are from individuals who have lost or forgotten their passwords. People will be less likely to remember a static pin number and these types of calls to the help desk will drop. (Fogarty 68). Biometrics used as the Second Factor. The use of tokens, smart cards and key fobs are the primary second factor in two-factor authentication. However, as technology advances, biometrics are taking and increasing role to insure the identity of individuals trying to access resources. “Biometric authentication is the verification of a user’s identity by means of a physical trait or behavioral characteristic that can't easily be changed, such as a fingerprint (Kay 26).” An alternative to key fobs, tokens or smart cards, using biometrics as a part of two-part authentication is a fairly old concept. While advances in technology make biometrics more conceivable cost wise, adopting this concept still is the most expensive alternative for resource security. Biometric authentication comes in many different combinations. Seven types that are going to be discussed are signature dynamics, typing patterns, eye scans, hand geometry, fingerprint recognition, voice recognition, and facial recognition. One of the most popular biometric choices is the signature dynamic authentications. Signature dynamics do more than just record the final image of the signature. This technology also records how the image was produced like the differences in pressure and the speed in which the image was written. Because of the increased amount of variables, the electronic signature is considered unforgeable (Kay 26).
  • 8. Two-Factor Authentication - 8 Nationwide Building Society dropped its iris recognition technology in favor of electronic signature pads after observing the results of an in-house study. The study concluded that iris technology could not provide a close enough link between the identification of the person and the completed transaction. Gerry Coppell, Technology Development Controller for Nationwide states, “All the (iris) technology does is to say that ‘that person was standing there in that point in time (E-Signatures 14). MotionTouch produces the legally-compliant signature technology. The signature pad has the ability to record the X and Y coordinates of the written signature, while also recording the pens pressure. The following biometric data is captured in one signature: speed through the letters, rhythm, direction, flow, pressure, and the final result (E-signatures 14). Professional forgers maybe able to reproduce the final signature of another individual; however MotionTouch feels that it will be virtually impossible to reproduce exactly how the signature was created. Trials that included e-signature technology are reporting to show no false accepts or rejects (E-signatures 14). Another reason why Nationwide switched to e-signatures was the comfort level of the end-users. People are more comfortable writing down their signatures when compared with having their iris’s scanned. Coppell states, “It’s something they’re used to (E-signatures 14).” Typing pattern technology is similar to signature dynamics. The same way that the e- signature are recorded, typing pattern biometrics record the intervals between characters and the overall speed and pattern of typing.
  • 9. Two-Factor Authentication - 9 Eye scans, or iris scans receive a lot of media attention and seems to be the sexy biometric to speak of. Iris scan technology has provided many sub-plots in movies and television. Many people are uncomfortable with iris scan technology. The ideas of having a laser scan any part of your body, much less and eyeball raises many health and safety concerns. However, these concerns are unfounded, and mostly based on myths. Iris scans do not use lasers to scan your eyes. A recognition camera takes a black and white photograph and uses and non-invasive, near infrared illumination that is barely visible and very safe (Davis 32). Fingerprints are a unique biometric that have been used for decades to identify individuals. Fingerprint recognition technology also takes up relatively little space for either the hardware, or the data they capture. However, the general public is uneasy about having their fingerprints captured and stored. Until the general public can overcome this objection, fingerprint recognition authentication devices will remain an option, but not the first choice (Kay 26). Hand or palm geometry devices are similar take fingerprint recognition devices one step further. These devices measure the entire hand and measure the length and angle of individual’s fingers. This method is much more user-friendly than retinal scan devices, however the hardware that supports these devices are bulky and hot easily transported (Kay 26). Voice recognition devices verify the speaker’s voice against stored patterns of speech, and facial recognition measures the contours of the face. Features like the outlines of the eye sockets, cheekbones, sides of the mouth, and exact location of the nose and eyes. Hairline
  • 10. Two-Factor Authentication - 10 features are usually not examined because of the natural tendency of change in the hairline area (Kay 26). Pros and Cons of Two-Factor Authentication. While two-factor authentication may seem like the perfect cure-all for securing networks and resources, there are many security holes that this type of authentication will not protect against. Fake websites provide would-be hackers a way of getting personal information from individuals. The ‘store-front’ looks authentic, and the user ends up entering information like credit card numbers, social security numbers and bank account information directly into the hands of an identify thief. Two-factor authentication can not protect someone against this type of man-in-the-middle attack. Another type of security breech is if the would-be hacker already has access the computer itself. Then when the user accesses either company or internet resources, the attacker then attempts to piggyback on the transmission and either perform fraudulent transactions, or access secure resources. Trojan horse attacks like this one also cannot be prevented with two-factor authentication (Schneier 136) One last factor that may inhibit the introduction of two-factor authentication is the cost. In a two-factor authentication scheme where the second factor is the use of key fobs, or tokens, the costs of those devices alone can be any where between $75 and $100 per token. (Wine 13) For a company that employ’s hundreds of personnel, this initial cost can be quite high. For a company that has thousands of customers online, the cost of the tokens alone could reach into the millions of dollars. Then there is the cost of the infrastructure needed to support the system. Servers, licensing, Administrators and support personnel have to be compensated, server
  • 11. Two-Factor Authentication - 11 hardware must be kept up-to-date, and support costs and product licensing must be paid. At first thought, only companies with deep pockets might be able to afford the ability to use this functionality. However, as Franklin Curtis of Network Computing states, “Every authentication system carries costs, even if you're using the authentication capabilities included in your network operating system or enterprise application…..And even with the simplest authentication schemes, developing a user database, assigning privileges, training and supporting users, and maintenance costs must be factored in.” (Curtis 36) Two-Factor Authentication in Industry. Even though two-factor authentication has been around for decades, its adoption into the business world has been slow. However E-Trade Financial and Bank of America have recently adopted this technology to protect their online customer base. E-trade Financial adopted two-factor security with a pilot that began in December of 2004. After an initial pilot of 240 users, E-trade is going to offer free authentication tokens for a select group on individuals. Security traders with more than $50,000 in combined assets, or individuals who regularly trade more than five trades a month will receive these tokens. E-Trade has partnered with Digital Security ID to help implement these improved security standards. Opponents of implementing token based authentication say that keeping up with the token will be an inconvenience. E-Trade President, Lou Klobuchar states, “"If they care about this, and they want this additional level of security, we're providing them with a solution. If there was no inconvenience whatsoever to using it, it wouldn't be much of a solution. (Trombly: 16)" Bank of America also has implemented a different form of two-factor security. By year- end 2005, Bank of America will utilize Passmark Security’s image-based system called SiteKey.
  • 12. Two-Factor Authentication - 12 Gayle Wellborn, B of A’s online products and servicing executive, states that while this additional security will start out as an option, eventually, this will become mandatory for all of their 13.2 million online banking customers (Will 7). B of A is implementing this additional technology in response of a lawsuit by a Miami businessman. A cyber criminal from Latvia used a key-logging program to get account information from the business owner, and used that information to get $90,000 wired to his personal account (Trombly 24). Instead of using a token and randomly generated numbers to authenticate to the banking network, customers will enroll into the system by picking an image they will remember, writing a phrase, and then selecting three challenge questions (Will 7). On future visits, the customer will enter their user name and then the image they selected will be displayed on the screen, along with the phrase they input upon registration. The image and phrase will then confirm to the user that they are on an authentic B of A website, and not a counterfeit site (Will 7). Avivah Litan, a vice president and research director at Gartner Inc. in Stamford, Conn., said she has been recommending the imaged-based concept to banks, stating that the Passmark Security concept is a very practical method for implementing mutual, two-way, two-factor authentication (Will 7). Conclusion Heightened security methods are here to stay. Some companies are trying to increase their own security by tightening existing password policies. To increase security at a company to remain nameless, these following rules were implemented:
  • 13. Two-Factor Authentication - 13 Table 1: Example of One Companies attempt to secure a username/password combination Password Expiration No Shorter than 90 days Password History Enforced for five iterations Password length Six to eight characters Password Composition One lower case letter One number NO special characters If the password needs to be written down Should be done in a secure manner. Note:Date taken from “Password Standards Can Improve Agency Workflows and Carrier Security.” By Alvito Vaz Security cannot be taken for granted. Security ‘improvements’ like the ones stated above illustrate the fact that the people making these ‘improvements’ do not have any idea about true security features. Passwords that expire no sooner than 90 days are susceptible to eavesdropping. Having a password history of only five iterations increases the ability to guess passwords through pattern matching. Password lengths of a maximum of eight characters are not long enough. By not allowing special characters, the password can be easily guessed. Lastly, there is actually a policy in place about how to write down passwords. Most companies, 87% according to a recent study, rely solely on user identification and passwords for authentication. Even though still in their infancy, the use of tokens, smart cards and biometrics drop unauthorized access breaches drop from typically to just 3% (Hackers 32). Companies will slowly realize that addition security features will be required. Two- factor authentication will slowly be adopted into mainstream corporate America. More and more, companies will implement some of the authentication methods discussed here. However, what about the future? If the token-based method of authentication goes into critical mass, there could be a time where individuals have to keep up with multiple tokens for different logins.
  • 14. Two-Factor Authentication - 14 RSA Security already has a process in place to combat the overuse of token-based authenticators. Currently, companies using RSA technology have internal servers providing the authentication against the random numbers produced by the tokens. The service that RSA can now provide would authenticate an individual’s token against RSA host servers. This will allow individuals to and from RSA secured sites without having to maintain multiple tokens (Wolfe 1). While two-factor authentication will have to undergo a ramp-up period of any number of years for the general population to grasp, the online threats to both personal and business assets and resources will only increase over time. Tokens, smart-cards, and biometric authentication methods will become as common place soon as the regular ATM and pin numbers are now. Table 2 Company’s Specializing in Two-Factor Authentication ALADDIN Arlington Heights,ILL www.ealaddin.com AUTHENEX Hayward, Calif. www.authenex.com RSA SECURITY Bedford, Mass. www.rsasecuirity.com SECURE COMPUTING San Jose, Calif. www.securecomputing.com VASCO Oakbrook Terrace, 111. www.vasco.com VERISIGN Mountain View, Calif www.verisign.com Note: Data taken from “Another Obstacle for Hackers to Scale”, by Elizabeth Wine.
  • 15. Two-Factor Authentication - 15 References Bigler, Mark. “Single Sign On.” Internal Auditor December 2004: 30-34. Buss, Dale. “Two Factor, Too Tough?” Securities Industries News June 6, 2005: 16-20. Curtis, Franklin. “Strong Authentication” Network Computing February 3, 2005:34. Davis, Russ. “Giving Body to Biometrics.” British Journal of Administrative Management April/May 2005: 32-33. “E-Signatures Win Over Iris Scans.” IEE Review January 2003: 14. Fogarty, Kevin. “Paying Less for Passwords.” Baseline December, 2004: 68. “Hackers Sharpen Their Blades.” Management Services May 2004: 32-33. Kay, Russell. “Biometric Authentication.” Computerworld April 4, 2005: 26. Schneier, Bruce. “Two-Factor Authentication: Too Little, Too Late.” Communications of the ACM April, 2005: 136. Trombly, Maria. “Bank of America Moves to Strong Authentication.” Securities Industry News February 28, 2005: 24. Trombly, Maria. “E-Trade Rolls out Two-Factor Identity Check.” Securities Industry News March 7, 2005: 16. Vaz, Alvito. “Password Standards Can Improve Agency Workflows and Carrier Security.” National Underwriter / Property & Casualty Risk & Benefits Management Edition June 9, 2003: 23-25. Wildstrom, Stephen. “Securing Your PC: You’re On Your Own.” Business Week May 26, 2003:26 Will, Wade. “B of A to Use 2-Part Verification.” American Banker May 31, 2005: 7. Wilson, Jeff. “Enemy at the Gates: The Evolution of Network Security.” Business
  • 16. Two-Factor Authentication - 16 Communications Review Dec. 2004: 14-18. Wine, Elizabeth. “Another Obstacle for Hackers to Scale.” Treasury and Risk Management June2005: 13. Wolf, Daniel. “Weighing Costs, Potential of 2-Tier Security Devices.” American Banker March 2, 2005: 13. Wolfe, Daniel. “Two-Step Log-ins Push Aggregators to Adjust.” American Banker June 8 2005:1-2.