
Authentic: being what it purports to be; genuine; not of doubtful origin; real;
— Webster's Revised Unabridged Dictionary
In the world of information technology, authentication is the process of verifying that the digital identities of computers, and the physical identities of people, are authentic. When you attempt to verify the identity of a person, the process is called user authentication.
A person can use a password to authenticate their identity, but passwords are very susceptible to attack. Organizations must apply strong user authentication techniques to be more certain that a user's identity is authentic.
The term strong user authentication describes any authentication process that increases the likelihood that a user's identity will be verified correctly. Strong user authentication is achieved by combining two or more authentication factors.
There are three ways to authenticate the identity of a user:
- The user presents something they know, such as a password. This approach is known as a Knowledge factor.
- The user presents something they have in their possession, such as a token or a card. This approach is known as a Possession factor.
- The user presents a personal physical attribute, such as a fingerprint or a retinal scan. This approach is known as a Being factor.
Something You Know
Passwords are the most common method of using confidential knowledge to authenticate users. Easy to administer and convenient for most users, passwords are also the least expensive method of user authentication.
Unfortunately, passwords have some drawbacks. Often, user-selected passwords are very short and simple, which makes them easy to guess. This problem is usually solved by implementing password rules that may require a certain password length or include capital letters or numbers, and may even force users to change passwords on a regular basis. Unfortunately, these rules make passwords even harder to remember, which leads some users to write them down and compromise the original goal of security.
Even with password rules in place, passwords can still be shared between users who want more convenience, which can make the system more vulnerable. In addition, passwords can be stolen by monitoring keyboard keystrokes or network traffic, by tricking individuals into revealing their passwords, or by guessing at them with brute force methods such as dictionary attacks.
Knowledge factors such as password authentication are viewed as a weak form of user authentication because of the problems discussed above. However, knowledge factors are still valuable in high-security applications when combined with other factors such as possession factors.
Something You Have
A stronger way to authenticate users is to provide them with tokens that contain a digital code that acts like a key. An example of a token found in everyday use is a remote key for locking and unlocking vehicle doors. Tokens that are used to access computer networks include:
- Digipass® tokens, which are available as both hardware and software tokens. These tokens generate a different code every thirty-six seconds. The one-time password is protected with a personalized PIN code and is synchronized with the log-in server. Because the code changes every minute, it is impossible for a hacker to record the code and use it later to log in to the system.
- Smart cards, which are similar in size to a standard credit card. These tokens are inserted into a card reader as part of the authentication process. They often contain a digital certificate and they are usually presented in combination with a password or Personal Identification Number (PIN).
Tokens are a very cost-effective and popular method of delivering authentication when combined with a knowledge factor to achieve two-factor security. Tokens represent a stronger method of user authentication than knowledge factors alone because they combine two factors of user authentication: possession (the token) and knowledge (the password or PIN).
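The two-factor check described above, sketched as an added example that is not code from this page or from any vendor. It uses the open RFC 6238 time-based one-time password algorithm as a stand-in, since the page does not describe the Digipass algorithm itself; the `Verifier` class, secret, salt and PIN are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 36  # seconds per code, the interval quoted above (RFC 6238 defaults to 30)

def totp(secret: bytes, now: float, step: int = STEP, digits: int = 6) -> str:
    """RFC 6238 time-based code: HMAC over the number of elapsed time steps."""
    counter = int(now // step)
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_pin(pin: str, salt: bytes) -> bytes:
    """Knowledge factor: the server keeps a salted, stretched hash, not the PIN."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

class Verifier:
    """Server side: shares the token secret and stores only a salted PIN hash."""

    def __init__(self, secret: bytes, salt: bytes, pin_hash: bytes, window: int = 1):
        self.secret, self.salt, self.pin_hash = secret, salt, pin_hash
        self.window = window   # time steps of clock drift tolerated each way
        self.last_step = -1    # newest time step already used for a login

    def login(self, pin: str, code: str, now: float) -> bool:
        pin_ok = hmac.compare_digest(hash_pin(pin, self.salt), self.pin_hash)
        current = int(now // STEP)
        matched = None
        for step_no in range(current - self.window, current + self.window + 1):
            expected = totp(self.secret, step_no * STEP)
            # Steps at or before last_step are spent, so a recorded code fails.
            if step_no > self.last_step and hmac.compare_digest(expected, code):
                matched = step_no
        if pin_ok and matched is not None:  # both factors must pass
            self.last_step = matched
            return True
        return False

# Constructed sample values, not real credentials.
SECRET = b"constructed-token-secret"
SALT = b"constructed-salt"
server = Verifier(SECRET, SALT, hash_pin("4821", SALT))
```

The `window` setting trades tolerance for clock drift against how long a captured code stays usable, and `last_step` is what makes each accepted code single-use.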
The Bottom Line
e-Business in the 21st century requires that digital identities are authenticated to protect intellectual property and people’s identities. Two-factor authentication, such as Digipass technology, is a highly effective and cost-effective methodology in securing one’s network and enterprise.
