Passwords are the weakest form of authentication. They are vulnerable to being guessed, stolen or otherwise compromised by password cracker applications. A password cracker application is any program that compromises password security by revealing passwords that have previously been encrypted. For example, a hacker may encrypt every word in the dictionary (spelled forward and backward and other combinations) using DES. The encrypted password is then compared to the target password. If there is a match, there is a very high chance that the password was cracked (higher than 98 percent chance). Password cracker applications are very effective in determining poorly selected passwords.

Keep in mind that a basic Web server’s HTTP authentication system does not encrypt the username and password. These unencrypted passwords are susceptible to “sniffing” attacks from hackers.
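The point about unencrypted HTTP authentication, shown as an added example that is not part of the original page: the Basic scheme only base64-encodes "username:password", so a captured header decodes with no key at all. The host names, credentials and request records below are constructed for illustration, and the function names are hypothetical.

```python
import base64
import binascii


def basic_header(user, password):
    """Build the Authorization value a client sends for HTTP Basic auth."""
    raw = f"{user}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def decode_basic(header_value):
    """Return (username, password) from a Basic header value, else None."""
    scheme, _, blob = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not blob.strip():
        return None
    try:
        decoded = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # malformed value, nothing recoverable
    # Split on the first ':' only; the password may itself contain ':'.
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def audit_requests(requests):
    """List (url, username) for Basic credentials sent over plaintext HTTP."""
    findings = []
    for req in requests:
        creds = decode_basic(req.get("authorization", ""))
        if creds and req["url"].lower().startswith("http://"):
            findings.append((req["url"], creds[0]))
    return findings


# Constructed sample records (not taken from any real capture).
SAMPLE_REQUESTS = [
    {"url": "http://intranet.example/admin",
     "authorization": basic_header("alice", "s3cret:pw")},
    {"url": "https://intranet.example/admin",
     "authorization": basic_header("bob", "hunter2")},
    {"url": "http://intranet.example/api", "authorization": "Bearer abc.def"},
    {"url": "http://intranet.example/x", "authorization": "Basic !!!notbase64"},
    {"url": "http://intranet.example/public"},
]

if __name__ == "__main__":
    for url, user in audit_requests(SAMPLE_REQUESTS):
        print(f"Basic credentials for {user!r} sent in the clear to {url}")
```

Only the first record is flagged: the second is carried over HTTPS, and the others carry no decodable Basic credentials.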

 

Strong Authentication
Businesses should consider some type of strong authentication solution to address the requirement for identification and verification. Strong authentication means that two or more authentication factors are used. Authentication is closely tied to non-repudiation, which involves being able to prove someone did something even though they claim they did not. Two-factor authentication is stronger than one-factor authentication because it combines two different authentication factors.

The authentication factors may be one or more of the following:
Something you know (knowledge);
Something you have (possession);
Something you are (person).

Fast-emerging authentication solutions include:
Tokens (ID Control USB Token);
Mobile Authentication (HandyID and MessageID);
Biometrics (KeystrokeID);
Risk-assessment-based authentication (RiskID).

Authentication Tokens
Authentication tokens are dual-factor or two-factor authenticators. To use an authentication token, you need to have the token (something you have), and you need to know the PIN (something you know). Even if the token were compromised (say you forgot it someplace), it would not do whoever found it any good if they did not know the PIN. This is a significant improvement over using passwords alone, which is an example of one-factor authentication.

In case you would like to know more about 2-Factor Authentication, please contact us!
