See your link here

Subscribe to our e-mail newsletters
For more info on a specific newsletter, click the title. Details will be displayed in a new window.

Subscribe to Computerworld
40 years of the most authoritative source of news and information for IT leaders.

QuickStudy: Authentication

Russell Kay Today’s Top Stories

or Other Networking and Internet Stories

March 27, 2000 (Computerworld) -- Who are you? Do you belong here? What rights do you have? And how do I know you're who you say you are?

Those are the essential questions that any effective security system must answer before a user can access a computer system, network or other protected resource. We think this is what a password system does, but passwords are only one part of an effective security system. That security system requires three separate elements - identification, authentication and authorization - that together make up what's called access control.

More
Computerworld
QuickStudies

When you log into a computer or network, the first thing you're asked for is a user name or account name. But a user name offers little protection to the system. Therefore, the system also usually prompts you for a password, a form of authentication.

Authentication

The question, "How do I know you're who you say you are?," is in many ways, the most important one. Unless it's answered satisfactorily, identification is incomplete and no authorization can or should take place. But how does a system verify that a user is who he says he is? Simply entering your password doesn't prove it's you. Someone else could know your password.

The answer lies in a strong authentication process. Basically, the following three factors can be used to authenticate an individual:

1. Something the user knows. This is a reusable password, passphrase, personal identification number or a fact likely to be known only to the user, such as his mother's maiden name.

2. Something the user has. This could be a key, a magnetic-stripe card, a smart card or a specialized authentication device (called a token) that generates a one-time password or a specific response to a challenge presented by the server.

3. Something the user is. This depends on some inherent physical trait or characteristic. Often called biometrics, examples of this form of authentication include: fingerprints, retinal (eye) patterns, hand geometry, voice recognition, facial recognition, typing pattern recognition and signature dynamics (speed and pressure, not just the outline).

For more on biometrics, see "Give Your Computer the Finger" in this issue.

These authentication factors are listed here from weakest to strongest as determined by how difficult they are to forge or fake. By themselves, each of these methods offers some security. However, each has its own problems or weaknesses.

Anyone can enter a password and, historically, reusable passwords have been vulnerable to guessing, brute force and dictionary-based attacks.

The second means of authentication - something the user has - requires the user to possess an often difficult-to-replicate device. However this stronger protection also costs more (typically tens of dollars per device), and it requires contingency procedures in case a device is left at home, lost or stolen.

Continued...
1 | 2 | NEXT

Print this Story

Send Us Feedback

E-mail this Story

Digg this Story

Slashdot this Story

"As the economy heads south, there are plenty of boneheaded CEOs and clueless government officials to blame. Looking at the..." Read more...

"This pilot fish works at a telco that provides DSL hardware access to ISPs. Total number of users: in the..." Read more...

Read more Networking posts or See all Blogs

	Obama's choice for DHS could flame tech visa battle
	BlackBerry Storm sales should be strong, Verizon says
	10 great Bluetooth gadgets
	More top stories...

	Microsoft to launch IE8 in '09; RC due out in Q1
	Review: BlackBerry's Storm is awkward and disappointing
	Google shutters its Lively virtual world

2008 Salary Survey: IT pay takes tiny leaps

If you're like our 7,000 survey respondents, your paycheck this year has been flattened and your bonus obliterated. We offer 12 ways to plump up your paycheck.

Windows 7 in-depth review and video: This time Microsoft gets it right

Microsoft's next OS might more accurately be called Windows 6.5: It's essentially a better version of Vista.

Twitter for business: 5 ways to tap the power of the tweet

Twitter can be a valuable business tool -- if you know what you're doing. Here's how to juice it for all it's worth.

Microsoft's 'Vista Capable' changes outraged HP, insider e-mails show

By helping Intel with loosened 'Vista Capable' requirements, Microsoft 'severely damaged' its credibility, said an HP exec in a newly unsealed Feb. 2006 e-mail.

Windows 7

Get the latest news, reviews and more about Microsoft's newest desktop operating system

2008 Salary Survey

Find wage data for 50 IT job titles.

All Zones
Business Continuity Zone
The File Data Management Zone
Security Management Zone
The SAS Zone
Business Intelligence and Analytics Zone
The Enterprise Search Zone
Software as a Service Zone
The Security Zone

See your link here

Advance your BlackBerry(R) solution management know-how this July

Advance your BlackBerry(R) solution management know-how this July
BlackBerry Technical Seminar, register today!

Go to the webcast

Cut Data Center Energy Costs

Get this white paper now!
(Source: Liebert) Cooling accounts for 35% of data center energy consumption. Discover strategies that can reduce cooling energy costs by as much as 40%, including simple steps you can take to get more from your existing cooling system and emerging technologies that can increase cooling capacity and data center density.

Download this white paper

Computerworld Executive Briefing: Automating Network Management

Download this Executive Briefing now (a $195.00 value), compliments of ProCurve Networking by HP.
(Source: Computerworld) This briefing looks at the basics of network management, which tend to get lost in the dizzying array of products and processes. It also examines new tools that are on the way to help IT executives deal with management in the new era of automation.Download this Executive Briefing now (a $195.00 value), compliments of ProCurve Networking by HP.

Download this executive briefing

White Papers

Read up on the latest ideas and technologies from companies that sell hardware, software and services.

	2008 Internet Malware Trends Report
	Security Trends Overview: Targeted Phishing Attack
	Enterprise Findability Without the Complexity

View more whitepapers

XenServer FREE trial
Citrix XenServer is the simplest and most effective way to virtualize and provision servers. XenServer combines comprehensive server virtualization capabilities with unparalleled scalability, performance, economics, and ease-of-use. Based on the open source Xen hypervisor, XenServer delivers fast performance, easy management, and advanced features such as live migration.

Request free trial now

Chrome a Windows killer?
Anonymous wrote: Having to be connected to use apps that are not inherently dependent upon being connected is a liability...
[read the story | have your say]

Hot topics now:

Accelerate your pursuit of perfection

For almost 80 years, Kodak has been helping banks, insurance companies, healthcare providers, government agencies and other businesses produce billions of document images. So Kodak is uniquely positioned to know and deliver–what customers want: easy-to-use scanners that output the best possible image quality.
Download this white paper now!

Steven J. Vaughan-Nichols: 64-Bit Linux Adobe Flash Player: Surprisingly good When Adobe decided it was time to provide a 64-bit Flash Player, they released it on Linux and Solaris. Wow. [more]

Keys to Microsoft application acceleration: advances in delivery systems

Simply designing a data center that only deploys more servers, more storage, and more devices significantly increases network complexity and cost. You can now ensure significantly faster access to the Microsoft applications your users depend on.

Download this whitepaper

Next Gen Load Balancing: 8 Things You Need to Handle Today's Network Traffic

Learn how you can replace your aging load balancer with a true web application delivery appliance that provides 100% availability through full Layer 7 awareness and intelligent traffic management and delivers web apps with the highest performance and security possible.

Download this white paper

Constellation Brands Case Study

Learn why a $6.5 billion international producer and marketer of alcoholic beverages chose Citrix NetScaler to increase Web app performance and ensure high availability of global intranet and public Web sites.

Download this case study

Welch's Case Study

Learn why a large US food processor chose Citrix NetScaler to securely deliver a new Oracle ERP solution to external partners and remote users. You'll learn how Welch's was able to add 250 new users without expanding their IT staff or taxing the availability of their network resources.

Download this case study

Sponsored Links

Securing the converged enterprise has become a multidimensional discipline requiring a centralized, defense-in-depth approach. Learn more with this AT&T white paper.

Defy the laws of reporting - introducing Crystal Reports(R) 2008. Discover it now.

Instant server virtualization. Free download!

See the power of the new Quad-Core AMD Opteron" processor.

Citrix NetScaler 9 - Slash server costs by 60%

Kodak i600: Easy on your operators and your bottom line. Learn more about the i600 now.

Rackspace: The True Value of a Hosting Provider

SYMANTEC IS EMAIL ARCHIVING: Enterprise Vault - Free EMAIL HEALTH CHECK

Free Trial - New Diskeeper 2008 unleashes system speed. Get maximum system performance and reliability automatically now!

Samsung Printing Solutions--control workflow, costs and operations

Learn what 389 global technology decision-makers had to say about developing service-level agreements (SLAs) and measuring service quality.

The Future is Fusion. Only from AMD. See our video to learn more.

Beyond consolidation: five reasons why you should start virtualizing

Renowned Engineering Institution Chooses AMD Processor-Based Servers

What can you do with two monitors and your laptop? See more&

Not All QSAs Are Created Equal: What You Should Know Before You Buy

The arrival of Serial Attached SCSI (SAS) marks a new era in storage scalability

The AMD Virtual Experience Virtual Trade Show

Learn about the new breed of mobile technologies and services and how to pick the right devices and software for your needs.

Learn how the new Quad-Core AMD Opteron(TM) processor improves performance

Microsoft SQL Server 2008. Read Case Studies & Try for Free.

Web Hosting UK - Cheap Windows Linux PHP MySQL ASP MSSQL Hosting in UK

HP StorageWorks products - control, consolidation and confidence.

Meru announces Wireless LAN Virtualization. Optimize RF use. Lower costs. Learn More

Save up to 64% plus 3 FREE Gifts from Omaha Steaks.

SYMANTEC IS EMAIL ARCHIVING: Enterprise Vault - Get your free white paper. Effective strategies for backup, archiving and recovery

Predict the future with HP Insight Power Manager

Reliable. Long-lived. Portable. Affordable. Energy-efficient...Tape Storage

Disk Backup and EMC: Addressing Today's Business Problems

Download Windows Server 2008 Hyper-V

How-to video: Smart steps to efficient power management

Tape vs. Disk...Which Costs More? Read "Disk and Tape TCO Square off Again"

Intercept Spam & Viruses With MessageLabs

Leverage Your Cisco infrastructure for Superior Application Performance

Learn about the AMD Virtual Experience

Introducing: Project Icebreaker

About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map

CIO

Computerworld

CSO

DEMO

GamePro

Games.net

IDG Connect

IDG World Expo

Infoworld

The Industry Standard

ITworld

JavaWorld

LinuxWorld

MacUser

Macworld

Network World

PC World

Playlist

Copyright © 2008 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.

	Networking
	Computerworld Daily News (First Look and Wrap-Up)
	Computerworld Blogs Newsletter
	The Weekly Top 10