They say a chain is only as strong as its weakest link. In the world of IT systems, you don't want that weak link to be user authentication. Once an attacker gains access to a system as a valid (potentially high-privilege) user, the damage they can do is bounded only by that user's privileges, and the activity looks like legitimate use to most controls. There are different ways to validate a user's identity, and they offer different levels of security. Using the three little pigs as an analogy, let's take a look at the options:
1) The straw house – This is what we call single-factor authentication. It involves just one thing: something you know or something you have. An example from physical security is a badge that is tapped on a door reader to gain access. If someone gets hold of the badge, that's all they need to walk into the building. An example from the IT world is the familiar user ID and password, which is what the majority of users use to gain access to their computer's OS and applications. This has the potential to be fairly secure, but often isn't, because of poor password choice. Users frequently pick passwords that are easy for them to remember, which means they are easy for attackers to guess or crack from a stolen password hash (and a password reused across sites is only as safe as the weakest of those sites). Once an attacker knows the password, they have the same access to the system or application as the user.
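To make the "easy to crack" point concrete, here is an added example (not part of the original post, and not PathMaker or IBM code) of what an attacker does with a stolen password hash: a small dictionary attack against PBKDF2-HMAC-SHA256 hashes. The wordlist, the mangling rules and the iteration count are constructed for this illustration; real cracking tools use far larger lists and rule sets, and a real verifier would use a stronger iteration count. A short, memorable password falls to the attack; a long one the wordlist does not cover does not.

```python
import hashlib
import hmac
import os
from typing import Iterator, Optional, Tuple

# Work factor for the illustration (an assumption; production values should be higher).
ITERATIONS = 50_000


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> Tuple[bytes, bytes]:
    """Return (salt, derived_key) for storing a password, never the password itself."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, dk


def verify_password(password: str, salt: bytes, expected: bytes,
                    iterations: int = ITERATIONS) -> bool:
    """Recompute the derived key and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


# Constructed wordlist standing in for a cracking dictionary of common choices.
WORDLIST = ["123456", "password", "qwerty", "letmein", "Summer2019",
            "welcome1", "Password1", "dragon"]


def mangle(word: str) -> Iterator[str]:
    """Simple mangling rules of the kind cracking tools apply to every wordlist entry."""
    yield word
    yield word.capitalize()
    yield word + "!"
    yield word + "1"


def dictionary_attack(salt: bytes, expected: bytes, wordlist=WORDLIST,
                      iterations: int = ITERATIONS) -> Optional[str]:
    """Attacker's view: given a leaked (salt, hash) pair, try every mangled wordlist entry.

    Returns the recovered password, or None if the list does not cover it.
    """
    for word in wordlist:
        for candidate in mangle(word):
            if verify_password(candidate, salt, expected, iterations):
                return candidate
    return None


if __name__ == "__main__":
    for pw in ("Summer2019!", "correct horse battery staple 7&"):
        salt, dk = hash_password(pw)
        print(repr(pw), "->", dictionary_attack(salt, dk))
```

The attack never has to touch the live system: it runs offline against the stolen hash, so rate limiting and lockout policies do not help. The only defenses on the password side are a strong work factor, which slows each guess, and passwords the wordlist does not cover. Adding a second factor removes the single point of failure entirely.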
2) The stick house – A more secure option is what we call two-factor authentication. This involves something you know and something you have. An example of this would be an RFID badge along with a user-defined PIN. You have to be in possession of the badge and know the PIN to gain access, similar to using an ATM card. If the badge is stolen, it's useless without the PIN. If you know the PIN but don't have the badge, again no harm done. This increases security because an attacker would have to gain physical access to the badge as well as learn the PIN. As soon as a user realizes they lost their badge, it can be replaced with a different one and the lost badge deactivated. One caveat: the possession factor only counts if it is hard to copy, so the badge technology matters (simple proximity cards can be cloned from a distance, which makes possession no longer exclusive).
3) The brick house – At the top end we have something you are, meaning biometrics. This has the benefit that the authentication material isn't something that can be lost, forgotten or left at home; the user always has it with them. It is much harder for an attacker to obtain than a password or a badge, though not impossible: fingerprints can be lifted and presented to a reader, and because a biometric cannot be reissued the way a badge can, a compromised one stays compromised. Biometrics are therefore strongest when paired with another factor rather than used alone. An example of this is a fingerprint reader. The user's fingerprint is scanned at enrollment and the resulting template is associated with their user ID. Thereafter they just place their finger on the reader and it matches the live scan against the stored template (within a tolerance, since no two scans are identical) to authenticate the user.
As you can see, moving up from a single authentication factor can provide additional security to users' systems and applications. IBM Security Access Manager for Enterprise Single Sign-On integrates out of the box with numerous RFID and fingerprint readers to provide flexible strong authentication to end-user workstations. Once the user is authenticated to their computer, SAM ESSO has the rest of the credentials needed to access all their applications securely stored and will automatically authenticate to them. So consider contacting PathMaker Group to discuss how we can increase the security of your end-user workstations before the big bad wolf comes huffing and puffing!