Authentication is a process that ensures and confirms a user’s identity. Authentication begins when a user tries to access information. First, the user must prove his access rights and identity. When logging into a computer, users commonly enter usernames and passwords for authentication purposes. This login combination, which must be assigned to each user, authenticates access. However, this type of authentication can be circumvented by hackers.
US Federal regulators recognise three authentication factors:
- Something you know – a password or PIN
- Something you have – a smart card, USB key, PKI (Public Key Infrastructure) certificate or mobile phone
- Something you are – a biometric characteristic, e.g. fingerprint or voice pattern
Multi-factor authentication means that you authenticate a user with two or more factors. Ideally, the factors combined should come from different categories, so that compromising one category does not compromise the others.
How Multi-Factor Authentication is Secure
Additional authentication factors prevent someone from signing into your account, even if they know your password. Although you may think your password is safe, it can be compromised in a number of ways:
- Most individuals choose easy-to-remember passwords and reuse them for several applications; those who know you can easily guess a pet’s name, a birthplace or an important date.
- Someone looking over your shoulder can decipher your password.
- A more sophisticated technique that can compromise your login credentials is a key logger, which records all keystrokes and sends them to a third party.
If authentication requires both a password and, say, a USB key, a criminal would need to know your credentials and be in possession of your USB key in order to sign into your account.
Authentication can be made even stronger by combining additional factors; you can add a PKI certificate in your browser or only access an account from a trusted IP address.
Strong Authentication Factors
There are a variety of second authentication factors that can be used to secure application access. Here are some examples:
One-time password (OTP) – A unique password which can only be used once. This is typically a long string of numbers generated based on a complex algorithm, which is checked against the OTP provider’s server in the cloud. Even if someone manages to steal your password, it cannot be reused.
Time-based PIN – A sequence of digits which have to be entered within a short window, typically 30-60 seconds. The PIN can be generated by a software application or hardware device with a very precise clock. The security lies in the fact that the PIN is only valid for a short period of time.
Fingerprint – The user has to place their index finger on a fingerprint pad when logging in. The fingerprint is matched against the pattern registered for the user in the identity provider’s system.
PKI certificates – A PKI certificate, issued by a trusted certificate authority, is installed in the user’s browser. The identity provider can check for the presence of a valid certificate as well as revoke it at any time. Only a browser with a valid certificate will be allowed to sign in.
To further strengthen the user authentication process, several factors can be combined.
Zinopy partners with the leading manufacturers of Authentication technologies in the market. 20 years of experience in this field put us in an ideal position to be able to advise your organisation on the most suitable form of authentication to secure your business.