Authentication

Do you really know who’s accessing your most sensitive networked information assets? Unfortunately, security built on static, reusable passwords has proven easy for hackers to beat. In the past year or so there have been a number of examples of situations where a simple username and password have proven to be insufficient for security. During the Presidential campaign last Fall Republican Vice Presidential nominee Sarah Palin’s Yahoo email account was broken into. French President Sarkozy has been the victim of unauthorized access to his bank account. More recently, Monster.com experienced a data breach compromising the usernames and passwords of Monster.com users.

While these situations and others like them are the result of various underlying security issues, the reliance on only a username and password to authenticate an individual’s identity does not provide enough security for sensitive data. Two-factor authentication requires that two different methods of authentication be used for added security. By requiring something in the user’s physical possession like a smartcard, or relying on a unique characteristic of the individual like a fingerprint in addition to the username and password, security is improved and attackers are unable to steal an identity or impersonate a user by simply compromising their username and password.