Challenges of two factor authentication

Posted May 9, 2007
Filed under: Advanced Client, cardspace, identity OS, security, two factor authentication |

The wikipedia link for two factor authentication lists some of the challenges involved to make it successful.  I’ll give some comments on how the Identity OS will solve this:

  • Product proliferation. By standardizing an Identity OS and its interface it will become possible to deploy all the different two factor auth solutions on one platform and one interface. The Advanced Client standard seems a safe bet to me. Also think of a Cardspace-like GUI to select your credentials.
  • User password management. A solution to the password problem would be to have one password to authenticate to the Identity OS. Users will most likely choose the same PINs/passwords for their different credentials anyway (or am I the only one who chooses the same PIN for my different SIMs?). This would still be two factor authentication as the credential on the Identity OS platform is something you have and the password to access it is something you know.
  • Interoperability of authentication mechanisms. Mentioned before. Liberty Alliance’s Advanced Client specs could be the starting point.
  • Cost effectiveness. A hardware token deployment is of course much more challenging and expensive than a simple software deployment; downloading a credential to the Identity OS is cost free!
  • Password and software security. The security of the credentials and the software is dependent of the deployment of the Identity OS. As I mentioned in my previous approach, Cardspace and ICP are examples of an Identity OS with different levels of security; OS layer and device layer. The hardware approach sounds like the safest option, but care should be taken that applications making use of the credentials in the Identity OS should never release the credentials. The deployment of the credentials into the Identity OS is also of importance. Provisioning protocols have to support confidential supplier-to-Identity OS communication.

Based on these arguments a well implemented Identity OS should be able to remove the current challenges in two-factor authentication. Feel free to disagree with me on some of my points though!

Advertisement

1 comment so far

  1. Vombibromitte on November 19, 2007

    Follow these guidelines and you will build that new home with little, or no, problems. vinyl log siding can help…


Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

Follow

Get every new post delivered to your Inbox.