What are you doing about two-factor authentication?
Computerworld - If you work for a financial institution or a company that processes credit card transactions, this isn’t news to you: There’s a growing push to require two-factor authentication for logging into your company’s information systems.
But if you’re in this camp, you’re probably also finding out how expensive and operationally challenging it is to require users to remember a password and also some other mechanism, such as a plastic token, to log in successfully. National attention on two-factor authentication is generating as much hype as network intrusion detection and stored data encryption did a few years ago.
Not sure which authentication approach is best for your company? Then it’s probably time to take a step back and reassess the alternatives.
What exactly are the new requirements? In January 2005, the payment-card industry issued the now-famous PCI Data Standards. Among the many PCI standards, which apply worldwide to companies that process payments using Visa, MasterCard, American Express or Discover cards, was this nugget: "Implement two-factor authentication for remote-access to the network by employees, administrators, and third parties."
Later, last October, the Federal Financial Institutions Examination Council (FFIEC) weighed in on the topic. The FFIEC, which creates the standards for federal audits of U.S. financial institutions, issued guidelines stating that "single-factor authentication, as the only control mechanism" was "inadequate" for Internet-based products and services such as online banking.
With these two mandates, what was once wishful thinking by hardened security professionals has now entered boardroom budgeting discussions across the country. But just what is two-factor authentication?
Security professionals have traditionally defined it this way: choosing something you know — usually a password — along with either something you have, such as a cardkey, or something about who you are, such as your fingerprint. The idea behind this approach is that it would be virtually impossible for a criminal to simultaneously be in possession of two of these types of authenticators.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Logicalis eBook: SAP HANA: The Need for Speed Without timely business insights, organizations today can suffer logistical, manufacturing, and even financial disaster in a matter of minutes
- Neustar 2014 DDoS Attacks and Impact Report For the third consecutive year, Neustar surveyed hundreds of companies on distributed denial of service (DDoS) attacks. The survey reveals evidence that the...
- Acxiom Case Study This case study, which focuses on Acxiom, explores how the company was able to secure employee data, reduce migration costs and boost productivity...
- Windows® XP Migration: Protect and Secure Critical Data With the end of the Microsoft Windows XP operating system's lifecycle on April 8, 2014, businesses are faced with the decision to migrate...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Top 4 Digital Signage Fails Join RMG Networks for a look at four of the most common reasons digital signage fails in corporate businesses. Learn about strategies to... All Privacy White Papers | Webcasts
Our new weekly Consumerization of IT newsletter covers a wide range of trends including BYOD, smartphones, tablets, MDM, cloud, social and what it all means for IT. Subscribe now and stay up to date!