The hidden dangers of "good enough" authentication

By David Hald, co-founder and chief relation officer, SMS PASSCODE | July 29, 2014
A guide to understanding the common pitfalls of authentication-based security.

When implementing a multi-factor authentication security platform that uses SMS as the delivery mechanism for the OTP (one-time passcode), the reliability of the SMS arriving on time becomes mission-critical. Users are waiting to log into critical business applications remotely and cannot proceed until the code arrives. There is a huge difference between an SMS arriving within 10 seconds and one arriving within two minutes. If the code isn't delivered effectively and on time, it might create a situation in which a high percentage of the codes arrive late.

Some authentication providers claim that SMS delivery is not reliable enough and, as a result, they encourage the use of pre-issued codes. However, this lowers the level of security significantly because the OTP cannot be generated in real time, and it can be a dangerous trade-off to make.

Another consideration when implementing mobile-based multi-factor authentication technologies is the level of adaptive support. One best practice is to take full advantage of contextual information, such as login behavior patterns, geo-location and the type of login system being accessed. This provides some powerful benefits for an organization in terms of added user convenience. For example, it allows the level of security to adjust dynamically based on where the user is located when logging in, what time they are logging in and what network they are logging in from.

If the user is logging in from a trusted location where they have logged in before, such as the user's home, then they will not be prompted for an OTP in order to authenticate. On the other hand, if the user is attempting to log in while traveling (e.g. from an airport lounge or hotel with public Wi-Fi), then an OTP is mandatory to gain access.
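The adaptive decision described above can be sketched as follows. This is an added example, not code from the article or from any product; the class names, the "vpn-admin" system, the hour range and the /24 and /64 grouping are assumptions chosen for illustration. It requires the OTP whenever context is missing, and a location only becomes trusted after a login from it has passed the OTP step.

```python
from dataclasses import dataclass, field
from datetime import datetime
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class LoginContext:
    user: str
    source_ip: Optional[str]  # None if the front end could not determine it
    country: Optional[str]    # geo-location of source_ip, None if lookup failed
    system: str               # which login system is being accessed
    when: datetime            # login time in the user's local time zone

@dataclass
class AdaptivePolicy:
    # Constructed sample policy values, not taken from any product.
    always_otp_systems: frozenset = frozenset({"vpn-admin"})
    usual_hours: range = range(6, 22)
    trusted: dict = field(default_factory=dict)  # user -> {(network, country)}

    @staticmethod
    def _key(ctx: LoginContext):
        """Return (network, country), or None when context is missing or invalid."""
        if not ctx.source_ip or not ctx.country:
            return None
        try:
            addr = ip_address(ctx.source_ip)
        except ValueError:
            return None
        # Group by /24 (IPv4) or /64 (IPv6) so a new DHCP lease is the same place.
        prefix = 24 if addr.version == 4 else 64
        return str(ip_network(f"{addr}/{prefix}", strict=False)), ctx.country

    def otp_required(self, ctx: LoginContext) -> tuple:
        if ctx.system in self.always_otp_systems:
            return True, "sensitive system"
        key = self._key(ctx)
        if key is None:
            return True, "missing or invalid context"  # fail closed
        if key not in self.trusted.get(ctx.user, set()):
            return True, "new location"
        if ctx.when.hour not in self.usual_hours:
            return True, "unusual time"
        return False, "trusted location"

    def record_otp_success(self, ctx: LoginContext) -> None:
        # A location becomes trusted only after a login from it passed the OTP step.
        key = self._key(ctx)
        if key is not None:
            self.trusted.setdefault(ctx.user, set()).add(key)
```

Trust is kept per user, so a network one user has verified from does not exempt anyone else from the OTP.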

If all you need is a rig to get you to the corner store and back, a Volkswagen is fine. But if you need a vehicle that delivers high performance at high speeds, a Porsche is a much better choice. Just as all cars are not created equal, neither are all multi-factor authentication tools. Security, reliability and ease of use are just some of the many vital components to consider when choosing a security platform. It's essential that organizations move beyond "good enough" authentication to keep ahead of modern security threats and keep data safe.
