• About Authentication
  • - Identity Theft
  • - Making Strong Authentication Easy for Corporates
  • - Making Strong Authentication Easy for Smaller Organisations
  • - Process and Procedure
  • - Technologies
  • - The Problem with Passwords
  • - What is Authentication?
• Why Choose a Managed Service
• News
• Collateral
• Contact Us
• About Us

• Home

What is Authentication?

What form of Authentication Credentials are best?

The authentication credentials that a user presents to validate their identity can take many forms: a standard password, a one-time passcode, a token, smartcard, biometric or any combination of these factors. Despite the claims of the various manufacturers – there’s no one form of authentication credential that is ideal for all users and applications. 

Static Passwords: while suitable to protect low grade resources it is widely accepted that passwords are too weak to protect the digital ID’s of corporate users.  They can be so easily be guessed, snooped, copied or cloned that Identity Theft becomes easy for an attacker who can walk through your firewalls and other defences using the stolen ID. With passwords you can never be really sure that a user is who they claim to be.

One-time Passcodes (OTPs):  the user presents a different passcode every time they login, which means that even if a user’s session is snooped, the stolen passcode cannot be reused.  OTPs are a flexible and popular alternative to static passwords as they require no special reader or input device, so the user is able to log in from any convenient PC or other Internet connected device.

Secure OTPs can be delivered to users in a variety of ways:

Hardware Tokens: One-time passcode tokens such as RSA SecurID are used, in combination with a secretPIN, as the most simple, secure and convenient to generate one-time passcodes. They are ideal for any form of corporate remote access: whether VPN, Web or wireless based.

SMS & E-mail delivery: OTPs can be delivered on-demand to a user’s registered mobile phone, PDA or e-mail account by SMS or e-mail.

Smartcards & USBSmartkeys: used to securely store a user’s Public Key Encryption (PKI) digital certificate, these devices can be used to ‘digitally sign’ documents and most appropriate for corporate ‘Single Sign-On’ and hotdesking projects where the users will always be logging in from a corporate-controlled PC or laptop.  

Biometrics: despite generating many column inches, fingerprint, iris and other forms of biometric authentication are mostly used for physical access security rather than as a digital ID for network and web access.  Again, the user is tied to a using a computer with an appropriate scanner, so most biometrics are not suitable for ‘Anywhere Access’.  The exception is voice authentication which has significant promise in this area.

No-one system fits all

The reality is that each of these forms of authentication is appropriate for different users and in different applications. There’s no one perfect system that fits all needs and budgets.  Larger organisations often find that they need to implement several different authentication systems to support travelling staff, teleworkers, supply chain and consumer access.  

This can end up in an identity nightmare where people find they have to use multiple digital ID’s and authentication credentials to access different systems and applications.

Signify Solutions Guide

The Solutions Guide gives an overview of using Signify in your enterprise and how it integrates into your systems.