Two-Factor Authentication for Small and Midsized Businesses
Many organizations have already seen the writing on the wall: the days of username and password authentication are coming to an end. We’ve tried to overcome the weaknesses of the old username and password solution by requiring complex passwords, but users just came up with creative ways to get around password complexity requirements, and hackers came up with more sophisticated methods (such as rainbow tables) for cracking passwords. Bill Gates said at the 2004 RSA conference that passwords “just don’t meet the challenge for anything you really want to secure.” It’s clear that other methods for authenticating users must be employed to meet the security challenges of the 21st century.

The solution is multi-factor authentication. Most commonly deployed as two-factor authentication, multi-factor authentication requires more than a username and password. Something else must be provided to verify that the user is who the user claims to be. That additional “factor” can be a biometric reading, a smart card, or a device that enables a one-time password. The important thing is that an authentication factor in addition to an easily stolen username and password must be required to ensure that the person logging on is indeed that user.

Two-factor authentication solves a lot of problems. Some of them include:

Phishing attacks. With two-factor authentication, phishers could not steal usernames and passwords and gain access to private information; since they cannot steal the second factor, the username and password end up being worthless to the attacker later on I