
A superior method of authenticating a user involves the use of two factors or,
as it is often called, two-factor authentication. In these types of systems, a
user is given some kind of security token or device, which is used along with
a password to authenticate, resulting in the common adage “something you have
and something you know.” In the realm of two-factor authentication, there are
three basic strategies that represent the majority of the market. Each of these
has its advantages and disadvantages and should be considered when choosing a
two-factor authentication system for deployment.
RSA SecurID

Earlier this year, the entire RSA system was compromised by a security breach,
which exposed sensitive data and forced RSA to reissue millions of one-time
password security tokens. The security industry is now exploring other options
to replace this aging technology. The most popular two-factor authentication
system today is SecurID, marketed by RSA. The SecurID method of two-factor
authentication involves issuing a card or a token to each user of the system.
These pocket-sized tokens each contain a small battery-powered electronic
system that has been programmed with the algorithm of the one-time password
strategy being utilized. Each time a user logs onto a SecurID system, a unique
password is read from the device and keyed into the login computer by the user.
Smart Cards

Many systems utilize smart card technology. One of the most popular is the PIV
system deployed by the United States government. Other enterprise organizations
utilize smart cards issued to their users as a two-factor authentication method
for logging in to Active Directory. The Achilles’ heel in smart card certificate
authentication is the vulnerability of the trusted authority protecting the
chain of creating signed certificates. This vulnerability has been underscored
by a series of recent breaches, including the major breach of Comodo-signed
certificates in 2011.
Gold ID

Gold ID greatly reduces the cost of initial deployment. The security function
can be managed by non-computer personnel, bringing the matter of security back
to the security department and out of the hands of programmers who already have
access to the system. Since the process is managed entirely in hardware, it is
much more flexible, giving the organization the ability to lock out disgruntled
employees, recover lost credentials, and control access to critical
information assets by multiple users, even when the assets are stored encrypted
at rest.
To date, Gold ID is the only two-factor authentication system that has not been
compromised. Gold ID is thoroughly implemented in the GoldKey offering by
GoldKey Security Corporation. GoldKeys are not powered by internal batteries
and therefore do not have end-of-life failures as batteries wear out. There is
no annual licensing fee for each user, and the initial cost of deployment
is substantially less than other options. Most importantly, GoldKey Security
tokens also contain a full deployment of the PIV Smart Card system, allowing
users to continue using their current Smart Card system while building
the capability of transitioning all or part of the system over to Gold ID at
some future date.
Additional information on Gold ID can be found at GoldKey.com.