Cybersecurity White Papers

Two Factor Authentication

There are three possible ways to authenticate a user. You can base it on something they know, something they have, or something they are. Each method has pros and cons, and choosing the right one for your environment is critical because authentication is one of the first lines of defense. Let's take a look at each of the methods individually:

  1. Something you know:
    1. This is the most common and least effective method employed.  The reason it is so popular is that it is typically the least expensive method.
    2. The problem with this method is that we have so many passwords to remember today (work, bank, email, Facebook, Twitter, Instagram, message boards, online bills, PINs, credit cards, etc.) that we either choose simple passwords or choose passwords so complex that we write them down or forget them. Forgetting them leads to a self-inflicted denial of service attack while waiting for a password reset.
    3. The second issue is that these passwords are normally stored in a file that hackers can gain access to and decrypt offline. A chain is only as strong as its weakest link, and all it takes is for one person to have a weak password and your system will be compromised.
  2. Something you have:
    1. This is a very common method for physical security.  How many keys do you carry and use on a daily basis?  You may have keys for your car, work, home, bike, shed, desk, or filing cabinet.  The advantage to this is that the device is physical and carried by the user.  A password can be stolen without the person ever knowing, but a missing key, token, or card will be noticed.
    2. The issue with something you have is that if it is lost or stolen and it is not paired with another authentication method, it will grant access to your environment.
  3. Something you are:
    1. This is commonly referred to as biometrics, and in many ways it is the most effective single method of authentication. However, this comes at a cost of greater expense, large databases of information, user concerns, long enrollment times, difficulty in maintaining equipment, and delays in authenticating authorized users. The more robust the system is, the more time, effort, and cost are involved to install, maintain, and operate it.

So what is the answer if passwords are easy to crack, keys can be lost, and biometrics are expensive? Use two-factor authentication. When you combine two of these methods, you mitigate almost all of the negatives without a great increase in cost. For example, if you combine something you have, such as a token, with a password, the attacker must capture the password as well as physically get access to the token. Additionally, they have to be able to match up the password to the particular token device. If you pair a password with a biometric device, you can adjust the sensitivity of the biometric device to a level that provides adequate security while not interfering with daily operations. Finally, if you combine a token with biometrics, there are no more passwords to remember, resulting in better security and less downtime due to password resets and lockouts.
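The password-plus-token combination described above, as an added example that is not part of the original white paper: a login check that requires both factors and ties each token secret to one user. It assumes the token is a time-based one-time-password device (RFC 6238) and that passwords are stored as salted PBKDF2 hashes; the function names, user names and passwords are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

def hash_password(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so a stolen credential file resists offline guessing.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    # Assumed token type: RFC 6238 code (HMAC-SHA1, RFC 4226 truncation).
    counter = struct.pack(">Q", int(now // step))
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def enroll(users: dict, name: str, password: str) -> bytes:
    # Each user gets an individual salt and an individual token secret.
    salt, secret = os.urandom(16), os.urandom(20)
    users[name] = {"salt": salt, "pw": hash_password(password, salt), "secret": secret}
    return secret  # provisioned into that user's token device

def authenticate(users: dict, name: str, password: str, code: str, now: float) -> bool:
    user = users.get(name)
    if user is None:
        return False
    knows = hmac.compare_digest(hash_password(password, user["salt"]), user["pw"])
    # Accept the current time step and the previous one to tolerate clock drift.
    has = any(hmac.compare_digest(totp(user["secret"], now - d).encode(), code.encode()) for d in (0, 30))
    return knows and has  # both factors are always checked; neither alone passes

def demo() -> dict:
    users, now = {}, 1_700_000_000.0  # constructed sample users and clock value
    alice_token = enroll(users, "alice", "correct horse")
    bob_token = enroll(users, "bob", "battery staple")
    return {
        "both_factors": authenticate(users, "alice", "correct horse", totp(alice_token, now), now),
        "password_only": authenticate(users, "alice", "correct horse", "", now),
        "token_only": authenticate(users, "alice", "wrong guess", totp(alice_token, now), now),
        "wrong_token": authenticate(users, "alice", "correct horse", totp(bob_token, now), now),
    }

if __name__ == "__main__":
    print(demo())
```

The `wrong_token` case is the matching requirement from the paragraph above: a valid password presented with a code from another user's token is rejected.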
