Security - Baseline
Home arrow Security arrow Page 3 - Understanding Two-factor Authentication















Renew Your Subscription

Security



Understanding Two-factor Authentication



By David Strom
2008-06-26
Article Views: 10316
Article Rating:starstarstarstarstar / 8

  Table of Contents:
  1. Understanding Two-factor Authentication
  2. Nontoken Methods
  3. Factor This

There’s a lot to consider before you implement two-factor authentication, because it touches your enterprise infrastructure, applications and networks.

Rate This Article:
Poor Best
Add This Article To:

Understanding Two-factor Authentication - Factor This


( Page 3 of 3 )


Factor This

Before you invest in any two-factor authentication solution, review your portfolio of applications, user logins, and other items that require credentials or passwords. Then consider:

  • How much of this infrastructure do you want to augment with two-factor methods? Implement the applications that are most at risk and contain the most sensitive data, and work your way down. OhioHealth began by deploying remote access and then moved on to its medication ordering systems, while the University of Minnesota began with mission-critical enterprise applications.
  • Do you require Microsoft Active Directory integration, or can you spare the time to do the integration yourself? Voice Verified and RSA’s SecurID both require extra time for Active Directory integration; some solutions include more direct support.
  • Do you want to use second factors for remote access, such as through a Virtual Private Network or a Citrix terminal server? Some products, such as Safe Word and MultiFactor, support various VPN gateways directly, minimizing installation hassles.
  • How many users will you require to use the second-factor method? Are they internal staff, customers or business partners? Some companies begin pilots with a select group of IT staff and work outward. You will get user distress calls with any system, so prepare to train support people. The University of Minnesota deployed the M Key technology to small numbers of users over several months: “We didn’t want to send out 5,000 tokens in one week and overwhelm our support resources,” says Powell.
  • Can you deliver tokens to your users, or must you use nontoken methods? OhioHealth needed a solution that allowed offsite doctors to order prescriptions for their patients, for instance.
  • How do you delete or replace a lost token? Each vendor takes a slightly different approach, so this, like other aspects of two-factor authentication that affect your enterprise infrastructure, applications and networks, is worth further investigation.




 
 
>>> More Security Articles          >>> More By David Strom
 



Sponsored Links
  • Get up and running in as quickly as 30 days with BI. Learn how today.

  • FREE Securing Smartphones & Tablets for Dummies Book from Sophos
  • 5 New Technologies That Will Change Enterprise ITAdvertisement
  • Build an IT Infrastructure That Delivers the Future
     
    		•
     
    FEATURED SPONSORED ARTICLES
    FEATURED SPONSORED VIDEOS

     

    Related Content

    Articles Labs/How-To Multimedia


    LATEST STORIES
    - Five Ways to Put Mobile Technology to Work
    - Ten iPhone Apps that Will Save You Money
    - Mobility Transforms the Customer Relationshi...
    - BPM Keeps Pace With Business Changes
    - Speech Recognition Speaks To Businesses


     

     

    Advertisement
    rss graphic
           Baseline Newsletters

    Baseline:  

    Issue Index | Contact Us | About | Magazine Customer Service | Navigation Guide

    Quick Links:  

    Project Planners | Enterprise Resource Planning | Network and Online Security | Data Analysis | Process Management | Storage Devices| Link to Us

    Ziff Davis Enterprise Home | Contact Us | Advertise | Link to Us | Reprints | Magazine Subscriptions | Newsletters
    Tech RSS Feeds | White Papers | Tech Podcasts | Tech Video | VARs | System Builder

    Baseline | Careers | Channel Insider | CIO Insight | DesktopLinux | DeviceForge | DevSource | eSeminars |
    eWEEK | Enterprise Network Security | LinuxDevices | Linux Watch | Microsoft Watch | Mid-market | Networking | PDF Zone |
    Publish | Security IT Hub | Strategic Partner | TechDirect | Technology White Papers | Windows for Devices

    Developer Shed | Dev Shed | ASP Free | Dev Articles | Dev Hardware | SEO Chat | Tutorialized | Scripts |
    Code Walkers | Web Hosters | Dev Mechanic | Dev Archives | igrep

    Use of this site is governed by our Terms of Use and Privacy Policy

    Copyright ©1996-2012 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. eWEEK and Spencer F. Katt are trademarks of Ziff Davis Enterprise Holdings, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited.