StaySafeOnline.org - National Cyber Security Alliance
  Authentication
 
Executive Summary
Just as your key fits in the lock to the door, authentication becomes the key to unlock your cyber security measures.  Authentication is most effective when you use strong passwords and a second mode of verification.
 

Identification and authentication are necessary components of Information Security.  Identification identifies the user to the system or network, usually based on a unique user name.  Authentication is used to verify that the user is who they say they are.  Authentication techniques vary from simple (strong passwords) to sophisticated (a separate electronic token).  Here is a summary of the modes of authentication:

  • Something you know: Password, PIN
  • Something you have: Card, Token, Key
  • Something you are: Fingerprint, face, retina or iris pattern (biometrics)
  • Something you do: Signature, voice pattern, keystroke pattern (behavioral)
To increase the strength of your authentication, you can use more than one mode.  As when you use multiple locks on a door, multiple modes of authentication make it more challenging for an unauthorized person to break into your system.

Passwords and PINs:

These are the most common means of authentication and can be effective if created, used, and managed properly.

  • Pros: Easy to use and integrated with most systems
  • Cons: Can be forgotten, written down, divulged, guessed, and mismanaged. Can be intercepted and then used

Tokens:

A token is an electronic card or device that is either inserted into a reader or produces a number that the user enters into the system.  It provides two-factor (stronger) authentication if a PIN or code is required to unlock the card or token.  A token can be part of a strong challenge/response authentication.

  • Pros:  Much harder to break than passwords
  • Cons:  Higher cost, Card/token can be stolen/coerced
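
An added example, not part of the original page: a Python simulation of the PIN-unlocked challenge/response token described above. The class names, the 6-digit response format, and the three-attempt PIN lockout are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def response_code(key, challenge):
    """6-digit code derived from HMAC-SHA256(key, challenge)."""
    mac = hmac.new(key, challenge, hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"

class Token:
    """Simulated token: the key never leaves it, and a PIN unlocks it."""
    MAX_PIN_FAILURES = 3  # assumed lockout threshold

    def __init__(self, key, pin):
        self._key = key
        self._salt = secrets.token_bytes(16)
        self._pin_hash = self._hash_pin(pin)
        self._failures = 0

    def _hash_pin(self, pin):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)

    def respond(self, pin, challenge):
        """Return the response code, or None if the PIN is wrong or the token is locked."""
        if self._failures >= self.MAX_PIN_FAILURES:
            return None
        if not hmac.compare_digest(self._hash_pin(pin), self._pin_hash):
            self._failures += 1
            return None
        self._failures = 0
        return response_code(self._key, challenge)

class Server:
    """Holds each user's token key and issues one-time random challenges."""
    def __init__(self, keys):
        self._keys = dict(keys)
        self._pending = {}

    def issue_challenge(self, user):
        self._pending[user] = secrets.token_bytes(16)
        return self._pending[user]

    def verify(self, user, response):
        challenge = self._pending.pop(user, None)  # consumed: a replay fails
        if challenge is None or response is None or user not in self._keys:
            return False
        expected = response_code(self._keys[user], challenge)
        return hmac.compare_digest(expected, response)
```

Because each challenge is random and consumed on first use, an intercepted response cannot be reused later, which addresses the "intercepted and then used" weakness listed for passwords.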

Biometrics:

Biometrics is an up-and-coming authentication method, based on the uniqueness of each individual’s physical characteristics or traits.  The trait used may be fingerprints, hand geometry, facial geometry, retina patterns, iris patterns, voice recognition, handwriting recognition, or any of the increasingly available traits. A biometric system is essentially a pattern recognition system or database. The system includes all the hardware, software, and the interconnecting infrastructure, which enables the matching of a live sample to a stored pattern in a database.

  • Pros: Non-forgeable, strong authentication
  • Cons: More expensive (though costs have fallen), user acceptance issues, data processing issues
