Strong authentication, also called advanced authentication (AA), goes beyond a single password. It requires more than one factor to establish that a user really is the person allowed to access the system.
Unique, per-user credentials are issued in such systems, particularly to prevent fraud and to gather behavioural intelligence as part of enterprise security monitoring.
Meanwhile, the mobile-ready enterprise has dissolved traditional network boundaries as cloud services, mobility initiatives and bring-your-own-device (BYOD) policies have taken centre stage. This has created several problems:
- Mobile users are overwhelmed by password proliferation as the number of Internet-connected devices per person keeps growing, to around five at present.
- With online banking portals, shopping sites, heavy social-media traffic and a plethora of smartphone applications, users juggle several kinds of password authentication across dozens of systems.
- Many mobile app developers follow poor security practices, and the vulnerabilities they introduce are exposed once those devices are used inside the enterprise.
- Users themselves can open weakly protected systems to unauthorized access, for example by reusing or sharing passwords.
What do enterprises do for authentication today?
Authentication today revolves around three kinds of factor: something the user knows, such as a personal identification number (PIN) or password; something the user has, such as a smart card; and something the user is, a measurable physical characteristic such as a fingerprint or voice.
All three are sound measures, but each has limitations and each can be stolen or copied on its own. Smart cards can be lost or stolen, passwords can be cracked or phished, and biometrics, although the strongest of the three, are the costliest to deploy and cannot be replaced if the stored template is ever compromised.
Making Authentication Stronger
To make authentication stronger, mobile app developers and enterprise security teams combine factors from different categories; this is multi-factor authentication (MFA).
- Two-factor authentication pairs something the user knows with something the user has, for example a PIN with a SecurID token, or a bank card with its PIN at an ATM.
- Three-factor authentication adds biometrics for authenticating users to the network: the stored fingerprint template is checked alongside the token, and access is further restricted by the user's PIN.
- Enterprises should implement differing levels of access based on the risk and responsibility associated with each class of user and transaction.
- Rely on transparent, layered security controls that raise assurance without affecting the user experience.
- Fraud-detection signals such as geographic location and device information can limit access to trusted devices and expected locations.
- A supplementary factor, such as a one-time password, can be required when the user connects from a new personal device or an unfamiliar location.
- The largest enterprises rely on behavioural analysis so that authentication is ongoing and takes user behaviour into account; improved forensic capabilities feed the same continuous monitoring and analysis.
- Deviations from a user's regular behaviour can be detected without compromising privacy. A deviation can prompt the system to re-authenticate the user and record the event in the audit database for later analysis.
- Rapid deployment reduces unnecessary complexity and cost. A consolidated view of credential issuance on top of the identity-assurance solution makes it easy to grant and revoke access.
- Strong authentication needs to be integrated with ongoing management tools by application developers, with a consistent user interface for authentication management.
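The step-up policy sketched in the list above, as an added example that is not code from the original article: a hypothetical Go risk engine that lets a trusted device in the user's home country log in silently, demands a one-time password (RFC 6238 TOTP, implemented here over HMAC-SHA1) from an unknown device or location, denies an impossible-travel pattern, and writes every decision to an audit log. The type and function names, the one-hour travel threshold and the sample logins are assumptions for illustration; the TOTP secret is the RFC 6238 test secret.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
)

// Added example, not code from the article: TOTP step-up inside a risk-based login policy.
const totpStep, totpDigits, totpMod = 30, 6, 1000000 // 30-second steps, 6 digits, 10^6

// hotp is RFC 4226: HMAC-SHA1 over the big-endian counter, then dynamic truncation.
func hotp(secret []byte, counter uint64) uint32 {
	var buf [8]byte
	binary.BigEndian.PutUint64(buf[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(buf[:])
	sum := mac.Sum(nil)
	off := sum[len(sum)-1] & 0x0f
	return (binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff) % totpMod
}

// totpAt is RFC 6238: the HOTP value for the time step containing unix.
func totpAt(secret []byte, unix int64) string {
	return fmt.Sprintf("%0*d", totpDigits, hotp(secret, uint64(unix/totpStep)))
}

// verifyTOTP tolerates one step of clock drift either way and compares in constant time.
func verifyTOTP(secret []byte, code string, unix int64) bool {
	ok := 0
	for _, skew := range []int64{-1, 0, 1} {
		ok |= subtle.ConstantTimeCompare([]byte(totpAt(secret, unix+skew*totpStep)), []byte(code))
	}
	return ok == 1
}

type Decision string

const (
	Allow  Decision = "allow"
	StepUp Decision = "step-up" // a one-time password is required before access
	Deny   Decision = "deny"
)

// Login is one attempt after the password has already been checked (assumed upstream).
type Login struct {
	User, DeviceID, Country string
	Unix                    int64
	OTP                     string // empty until the client answers a step-up
}

// Profile is what the server knows about the user; lastCountry/lastSeen feed the travel check.
type Profile struct {
	TOTPSecret     []byte
	TrustedDevices map[string]bool
	HomeCountry    string
	lastCountry    string
	lastSeen       int64
}

type AuditEvent struct{ User string; Result Decision; Reason string }

// evaluate applies the layered policy and appends one audit event per decision:
// a trusted device in the home country passes silently, an unknown device or
// country needs a valid OTP, and a country change within an hour is denied.
func evaluate(p *Profile, l Login, audit *[]AuditEvent) Decision {
	record := func(d Decision, why string) Decision {
		*audit = append(*audit, AuditEvent{l.User, d, why})
		return d
	}
	if p.lastCountry != "" && l.Country != p.lastCountry && l.Unix-p.lastSeen < 3600 { // assumed threshold
		return record(Deny, "impossible travel "+p.lastCountry+"->"+l.Country)
	}
	if !p.TrustedDevices[l.DeviceID] || l.Country != p.HomeCountry {
		if l.OTP == "" {
			return record(StepUp, "unknown device or location, OTP required")
		}
		if !verifyTOTP(p.TOTPSecret, l.OTP, l.Unix) {
			return record(Deny, "invalid OTP")
		}
		p.TrustedDevices[l.DeviceID] = true // enrol the device after a successful step-up
	}
	p.lastCountry, p.lastSeen = l.Country, l.Unix
	return record(Allow, "policy satisfied")
}

func main() {
	secret := []byte("12345678901234567890") // RFC 6238 test secret; constructed input
	p := &Profile{TOTPSecret: secret, TrustedDevices: map[string]bool{"laptop-1": true}, HomeCountry: "DE"}
	var audit []AuditEvent
	evaluate(p, Login{"alice", "laptop-1", "DE", 1000, ""}, &audit)
	evaluate(p, Login{"alice", "phone-9", "DE", 2000, ""}, &audit)
	evaluate(p, Login{"alice", "phone-9", "DE", 2000, totpAt(secret, 2000)}, &audit)
	evaluate(p, Login{"alice", "phone-9", "US", 2600, ""}, &audit)
	for _, e := range audit {
		fmt.Printf("%-6s %-8s %s\n", e.User, e.Result, e.Reason)
	}
}
```

Two design points worth noting: the OTP comparison is constant-time and the drift window is only one step, because a wide window multiplies the attacker's guesses per code; and the impossible-travel check runs before the OTP check, so a valid code from the wrong geography still produces a deny and an audit record rather than a silent success.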
Strong authentication must not be too complex for users. It should be easy to use without disrupting workflows, and it should extend secure access by leveraging the identities, smart cards and mobile phones users already have.
Additional measures of authentication
When it comes to authentication, one size does not fit all enterprises. Some rely on OTP authentication, which blends well with typical enterprise use cases. Where higher assurance is required, especially in e-government, PKI authentication is useful: the user proves possession of a private key that is generated on, and cannot be exported from, a hardware token, so the credential cannot be copied or transferred. OTP and PKI authentication suit different scenarios, and both are recognized in government regulations.
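To show what the PKI option above looks like in practice, here is an added Go example that is not code from the article: a hypothetical hardware token that exposes only a Sign operation over an ECDSA P-256 key generated inside it, and a server that issues a fresh random challenge, accepts a signature only against an outstanding challenge for that user, and discards the challenge after one use so that a captured response cannot be replayed. The names Token, Server, Enrol, Challenge and Verify are assumptions for illustration.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Added example, not code from the article: PKI challenge-response login.

// Token models a hardware token: the private key is generated inside it and is
// never returned; callers only get the public key and a Sign operation.
type Token struct{ priv *ecdsa.PrivateKey }

func NewToken() (*Token, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Token{priv: k}, nil
}

func (t *Token) Public() *ecdsa.PublicKey { return &t.priv.PublicKey }

// Sign answers a server challenge; on a real token this step is gated by the user's PIN.
func (t *Token) Sign(challenge []byte) ([]byte, error) {
	h := sha256.Sum256(challenge)
	return ecdsa.SignASN1(rand.Reader, t.priv, h[:])
}

// Server holds enrolled public keys and at most one outstanding challenge per user.
type Server struct {
	enrolled map[string]*ecdsa.PublicKey
	pending  map[string][]byte
}

func NewServer() *Server {
	return &Server{enrolled: map[string]*ecdsa.PublicKey{}, pending: map[string][]byte{}}
}

// Enrol registers the token's public key; the private key never crosses this boundary.
func (s *Server) Enrol(user string, pub *ecdsa.PublicKey) { s.enrolled[user] = pub }

// Challenge issues 32 fresh random bytes; a new challenge replaces any older one.
func (s *Server) Challenge(user string) ([]byte, error) {
	if _, ok := s.enrolled[user]; !ok {
		return nil, errors.New("unknown user")
	}
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	s.pending[user] = c
	return c, nil
}

// Verify checks the signature under the enrolled key and consumes the challenge,
// so the same (challenge, signature) pair cannot be presented twice.
func (s *Server) Verify(user string, challenge, sig []byte) error {
	expected, ok := s.pending[user]
	if !ok || !bytes.Equal(expected, challenge) {
		return errors.New("no matching challenge outstanding")
	}
	delete(s.pending, user)
	h := sha256.Sum256(challenge)
	if !ecdsa.VerifyASN1(s.enrolled[user], h[:], sig) {
		return errors.New("signature does not verify under enrolled key")
	}
	return nil
}

func main() {
	tok, _ := NewToken()
	srv := NewServer()
	srv.Enrol("alice", tok.Public())
	c, _ := srv.Challenge("alice")
	sig, _ := tok.Sign(c)
	fmt.Println("first use:", srv.Verify("alice", c, sig))
	fmt.Println("replay:   ", srv.Verify("alice", c, sig))
}
```

The contrast with OTP is in what the server stores: an OTP server holds the same shared secret the user's device holds, so a server breach yields working credentials, whereas here the server holds only public keys and a stolen database lets an attacker verify signatures, not produce them.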