Hot Stuff! Multi-Factor Authentication


In security terms, authentication describes any of a number of mechanisms that may be used to demonstrate or prove user identity. These include techniques or technologies like account and password authentication, pass phrases, various challenge-response mechanisms, smart cards, security tokens, and biometric devices that may scan retinal patterns, fingerprints, or voiceprints to check and demonstrate human identity. Multi-factor authentication simply means that two or more authentication mechanisms are combined to provide a higher level of authentication than any single mechanism could provide on its own.


The most common (and cheapest) form of multi-factor authentication is two-factor authentication, where two authentication mechanisms combine to raise the bar on entry to specific systems or services. Laptops or notebook computers can be configured to require two forms of authentication (typically, account and password plus a security token or a smart card and a PIN) so that thieves who steal such machines cannot access their contents despite physical possession of the machine (which permits tools like NT Locksmith to break through password/account protection on Windows XP or 2000 systems with ease). Likewise, some such configurations combine password/account information at the operating system level with different password/account information to access drive-level encryption software. Without both sets of keys, as it were, nobody can access a machine’s contents, thereby making it safe enough to take on the road.


Two-factor authentication is also often used when employees, partners, or contractors require remote access to networks and systems. In these situations, password/account information (something a user knows) is combined with a physical device like a security token or smart card (something the user has in his or her possession) or with biometric data (something a user is) to determine if remote access will be allowed or denied. Recent widespread adoption of easy-to-use device interfaces like USB and smart card readers has made this approach affordable; other two-factor systems avoid added hardware costs by using cell phones and text messaging to obtain one-time-use entry passwords that must be used with normal password/account authentication to gain system access.
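
The text-message scheme described above, as a server-side check in which both factors must verify. This is an added example, not code from the original article; the class and method names, the 120-second code lifetime and the PBKDF2 work factor are assumptions.

```python
import hashlib, hmac, secrets, time

PBKDF2_ROUNDS = 100_000  # assumed work factor for this example

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

class TwoFactorLogin:
    """Password (something the user knows) plus a one-time code sent to
    the user's phone (something the user has). Both must verify."""

    def __init__(self, otp_ttl=120, clock=time.time):
        self.users = {}      # account -> (salt, password hash)
        self.pending = {}    # account -> (one-time code, expiry time)
        self.otp_ttl = otp_ttl
        self.clock = clock   # injectable so expiry can be tested

    def enroll(self, account, password):
        salt = secrets.token_bytes(16)
        self.users[account] = (salt, hash_password(password, salt))

    def start(self, account, password):
        """Factor 1. Returns the code to deliver out of band (for example
        by text message), or None if the password check fails."""
        # Unknown accounts are hashed against a dummy record so response
        # time does not reveal which accounts exist.
        salt, stored = self.users.get(account, (b"\0" * 16, b"\0" * 32))
        if not hmac.compare_digest(hash_password(password, salt), stored):
            return None
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[account] = (code, self.clock() + self.otp_ttl)
        return code

    def finish(self, account, submitted):
        """Factor 2. The code is consumed on the first attempt, right or
        wrong, so it can be neither replayed nor guessed repeatedly."""
        entry = self.pending.pop(account, None)
        if entry is None:
            return False     # no password step preceded this attempt
        code, expiry = entry
        fresh = self.clock() <= expiry
        match = hmac.compare_digest(code.encode(), submitted.encode())
        return fresh and match
```

Access is granted only when `finish` returns True, which cannot happen unless `start` first accepted the password for the same account.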


Vendors of token-based and mobile-phone-based two-factor authentication systems appear in Table 2.


Table 2: Two-factor authentication systems

Name & type
Ikey (token based)
ASAS (token based)
