Multifactor Authentication
Multifactor authentication solutions use more than one type of
credential to authenticate a user. The three types of authentication
criteria that can be combined to create a multifactor solution are:
- Something you know (usernames/passwords)
- Something you have (token, SecurID, SmartCard)
- Something you are (fingerprints, eye/hand scan, implants,
  keystroke dynamics)
The cost of unnecessary overhead and complexity compared to the
risk involved normally limits an enterprise to the use of two-factor rather than
three-factor authentication. Enterprise two-factor authentication solutions
offer capabilities for centralized and remote management of devices and should
be considered; however, successful integration with the existing network
security infrastructure should be a primary design consideration. Implementing
technology such as SmartCards that use digital certificates and thumbprint
scanners on the wireless laptop computer is probably going overboard, because
doing so would entail significant work effort and cost; the risk/reward ratio
would have to be extremely high to justify
installing so many security features. When appropriate, many types of possession
credentials (e.g., tokens, SmartCards, and biometric credentials) can be taken
into consideration when planning a WLAN security solution. For example,
possession credentials include SmartCards, smart tokens, digital certificates,
and similar tangible technologies. If you decide to use biometrics, many
different types of scanning processes can be deployed, such as hand scans, eye
scans (retina or iris), fingerprints, facial recognition, and voice prints.
Selection of the proper biometric solution will require commitments for extra
cost and deployment time (scanning every employee's hand, for instance, is not a
simple project).
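
The sketch below is an added example, not part of the original text: it shows a two-factor check in which a login succeeds only when the verified credentials span two different factor categories, so a password plus a PIN (both "something you know") is rejected. It assumes a time-based one-time code (RFC 6238) stands in for the hardware token and PBKDF2 for stored secrets; all function names, field names, and account values are hypothetical.

```python
import hashlib
import hmac
import struct

KNOW, HAVE = "know", "have"  # factor categories from the list above

def totp(secret, now, step=30, digits=6):
    """Time-based one-time code (RFC 6238, HMAC-SHA1), as a token displays."""
    mac = hmac.new(secret, struct.pack(">Q", int(now // step)), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def kdf(secret, salt):
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

def check_memorized(field):
    # Verifier for a memorized secret (password or PIN) stored as a salted hash.
    return lambda user, supplied, now: hmac.compare_digest(
        kdf(supplied, user["salt"]), user[field])

def check_token(user, supplied, now):
    # Accept the current and previous time step to tolerate clock drift.
    return any(hmac.compare_digest(totp(user["token_secret"], max(now - d, 0)), supplied)
               for d in (0, 30))

# Each credential type is tagged with the factor category it proves.
VERIFIERS = {
    "password": (KNOW, check_memorized("pw_hash")),
    "pin": (KNOW, check_memorized("pin_hash")),
    "token": (HAVE, check_token),
}

def authenticate(user, presented, now, required=2):
    """True only if every presented credential verifies and together they
    cover at least `required` distinct factor categories."""
    proven = set()
    for kind, value in presented.items():
        category, verify = VERIFIERS.get(kind, (None, None))
        if verify is None or not verify(user, value, now):
            return False
        proven.add(category)
    return len(proven) >= required

# Constructed sample account; all values are illustrative.
SALT = b"constructed-salt"
SAMPLE_USER = {"salt": SALT, "pw_hash": kdf("correct horse", SALT),
               "pin_hash": kdf("4821", SALT), "token_secret": b"12345678901234567890"}
```

Counting categories rather than credentials is the point: adding a second memorized secret raises the credential count but not the number of factors.
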
Single Sign-On (SSO) is also an authentication method to
consider. In today's enterprise, workers have to remember many different
passwords to access all of their Web-based, client/server, desktop, and legacy
applications. It significantly eases administrative overhead when the user needs
to perform only a single strong authentication. Once the user authenticates and
the target application is launched, the authentication solution should
automatically enter the necessary credentials into the authentication dialog box
just as if the user were submitting the information. The user should be able to
swiftly access other protected applications or Web sites. If designed and
deployed correctly, an SSO solution will save users time and enhance their
productivity. As with other network architectural decisions, the corporate
WLAN(s) must be considered when designing and deploying an SSO solution.