What are you doing about two-factor authentication?
Computerworld - If you work for a financial institution or a company that processes credit card transactions, this isn’t news to you: There’s a growing push to require two-factor authentication for logging into your company’s information systems.
But if you’re in this camp, you’re probably also finding out how expensive and operationally challenging it is to require users to remember a password and also some other mechanism, such as a plastic token, to log in successfully. National attention on two-factor authentication is generating as much hype as network intrusion detection and stored data encryption did a few years ago.
Not sure which authentication approach is best for your company? Then it’s probably time to take a step back and reassess the alternatives.
What exactly are the new requirements? In January 2005, the payment-card industry issued the now-famous PCI Data Standards. Among the many PCI standards, which apply worldwide to companies that process payments using Visa, MasterCard, American Express or Discover cards, was this nugget: "Implement two-factor authentication for remote-access to the network by employees, administrators, and third parties."
Later, last October, the Federal Financial Institutions Examination Council (FFIEC) weighed in on the topic. The FFIEC, which creates the standards for federal audits of U.S. financial institutions, issued guidelines stating that "single-factor authentication, as the only control mechanism" was "inadequate" for Internet-based products and services such as online banking.
With these two mandates, what was once wishful thinking by hardened security professionals has now entered boardroom budgeting discussions across the country. But just what is two-factor authentication?
Security professionals have traditionally defined it this way: choosing something you know — usually a password — along with either something you have, such as a cardkey, or something about who you are, such as your fingerprint. The idea behind this approach is that it would be virtually impossible for a criminal to simultaneously be in possession of two of these types of authenticators.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Infographic: Converged Infrastructure Benefits This Infographic quantifies the savings organizations are realizing from increased deployment speed, higher availability, and lower annual costs.
- CIOs Deliver Productivity Breakthroughs with Intelligent Digital Signage Retailers have long recognized the influence that digital signage provides over a shopper's point-of-purchase decision making process.
- Going Paperless? Here's What You Need to Think About As makers of some of the world's most popular PDF solutions, we often consult with businesses & governmental agencies that have the goal...
- The Big Data Opportunity for HR and Finance If CEOs, CFOs, CIOs, and CHROs want to drive their businesses forward, they will need to quickly recognize the enormous value of big...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Building Tomorrow's Infrastructure Listen to this podcast to discover how Crider Foods worked with PC Connection to update their IT infrastructure, while maintaining compliance and control. All Privacy White Papers | Webcasts
Our new weekly Consumerization of IT newsletter covers a wide range of trends including BYOD, smartphones, tablets, MDM, cloud, social and what it all means for IT. Subscribe now and stay up to date!