Comparison: 5 Common Authentication Methods For Network Security
Passwords are becoming a patently inadequate form of security. They’re simply not enough on their own — and why? Because they rely on users to walk a fine line between complexity and memorability.
Unfortunately, most users opt for something that’s more memorable. That means they use weaker passwords that put their data, their systems, and their network at greater risk.
At one time, 86% of more than 2 million breached passwords were identical to passwords that had already been breached. How is this possible, if everyone’s passwords are long, complex, and unique?
In reality, they’re not. The top 10 most common and repeatedly breached passwords in this report include:
So, while you could simply try to use more complex passwords (and likely forget them), there’s a better way to protect your network — add a secondary authentication method.
The Fundamentals Of Authentication
Verification of you by a computer system comes in a few ways:
- Something you know, such as a password or PIN (personal identification number);
- Something you carry, such as a flash drive or a proximity card; or
- Something you are, verified through biometrics that authenticate you as an authorized user.
It’s commonly accepted that conventional authentication protocols and password protection are too weak, as today’s hackers readily use sophisticated tools to crack passwords and get into your system and the data stored on it.
The solution to security on your entire computer system or on your smartphone is a form of secondary authentication — but which method is the best choice for your needs?
Comparison: 5 Methods Of Authentication For Network Security
Biometric Authentication
Biometrics is a term that refers to measuring unique individual characteristics such as the retina, the iris, fingerprints or even the face. Today, most people use the term to describe a method of securing computers and stored data that requires a user to undergo a scan of the body part used for recognition.
While many systems use a fingerprint or retinal scan as a user password, systems that are serious about security often use a password and a biometric scan before unlocking the computer or device. Common biometric authentication methods include fingerprint identification, voice recognition, retinal and iris scans, and face scanning and recognition.
- Advantage: Biometrics are very difficult to fake. Spy movies make it seem simple to lift someone’s fingerprint with tape, or replicate their retina with a false contact lens, but it’s far more complicated than that. Biometrics are so specific and unique that they’re almost foolproof in terms of authentication.
- Disadvantage: The downside to this method is that it requires specialized scanning equipment, which is not ideal for some industries, and can be overly expensive for small businesses.
Token Authentication
A token is a material device that is used to access secure systems. Common forms include a dongle, card, or RFID chip. A token makes it more difficult for a hacker to access an account since they must have long credentials and the tangible device itself, which is much harder for a hacker to obtain.
- Advantage: Similar to a biometric, a token is difficult to fake. The specific digital identity of a dongle or RFID chip is based on extremely complex security standards, which are not easily spoofed by cybercriminals.
- Disadvantage: Unfortunately, this authentication method can be easily undermined by the user. Put simply, a token is something you can lose. Whether it’s on a key ring or kept in a briefcase, even the most mindful of people can forget it in a car that’s then stolen, or have it fall out of their pocket at dinner.
Transaction Authentication
The fundamental idea surrounding transaction authentication is context: this method looks for discrepancies when comparing known data about a user with the details of a current transaction.
Consider the security standards applied to your credit card: when you travel internationally, it’s wise to inform your bank of where you’re going, so that transactions outside of your home country do not get flagged. Transaction authentication applies this context-based evaluation of transactions.
An example would be if an individual lives in the United States, but large purchases show up while logged in from an IP address overseas. A red flag is sent up, and this cause for concern requires more verification steps to ensure that the purchase is legitimate and that the user is not a victim of a cyber-crime.
- Advantage: This authentication method is not dependent on the users, as it is outsourced to a monitoring team or a third party like a bank. That means it has a “set it and forget it” quality when compared to other methods that put the onus on the user.
- Disadvantage: If cybercriminals can successfully spoof a user, then they can fraudulently approve transactions occurring under false pretenses or in questionable contexts.
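The context check described above, sketched as an added example that is not from the original article. The `Profile` and `Transaction` types, the reason names, and the rule that any single anomaly triggers step-up verification are assumptions made for illustration; the sample data is constructed.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Optional


@dataclass
class Profile:
    home_country: str
    typical_max_amount: float          # largest purchase considered normal
    travel_notices: list = field(default_factory=list)  # (country, start, end)


@dataclass
class Transaction:
    amount: float
    ip_country: Optional[str]          # None when geolocation lookup failed
    when: date


def evaluate(profile: Profile, tx: Transaction):
    """Return (decision, reasons); decision is 'allow' or 'step_up'."""
    reasons = []
    if tx.ip_country is None:
        reasons.append("location_unknown")      # fail closed on missing context
    elif tx.ip_country != profile.home_country:
        announced = any(
            country == tx.ip_country and start <= tx.when <= end
            for country, start, end in profile.travel_notices
        )
        if not announced:
            reasons.append("location_mismatch")
    if tx.amount > profile.typical_max_amount:
        reasons.append("unusual_amount")
    return ("step_up" if reasons else "allow"), reasons


if __name__ == "__main__":
    # Constructed sample data: a US-based user who announced a trip to France.
    user = Profile("US", 500.0, [("FR", date(2024, 6, 1), date(2024, 6, 14))])
    samples = [
        Transaction(2500.0, "DE", date(2024, 6, 5)),   # overseas and large
        Transaction(80.0, "FR", date(2024, 6, 5)),     # covered by the notice
        Transaction(80.0, "FR", date(2024, 6, 20)),    # notice has expired
    ]
    for tx in samples:
        print(tx, "->", evaluate(user, tx))
```

The travel notice only suppresses the location flag for the announced country and dates, so an expired notice or a different country still requires extra verification.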
Multi-Factor Authentication (MFA)
When you log in to an account that has MFA enabled, in addition to entering your password, you must either enter an additional generated code, or authorize the login with a “push” request to a secondary device.
In the event your password is compromised, your account can remain secure as the cybercriminal is unable to authenticate the secondary requirement.
There is a range of options for generating the MFA codes:
- Receiving a text message
- Using a dedicated authenticator application
- Possessing a physical device on which you must push a button to verify that you are the authorized user of that account
The protection that MFA adds allows you to use your passwords for a longer length of time between password resets, and in the event that your service provider is compromised and your email and password end up in an open database on the open web, you will have time to change your password before your individual account is compromised.
ATMs are prime examples of MFA because you need a card (physical token) and a PIN (something known) in order for the transaction to take place.
- Advantage: MFA is common and low-cost to implement. As one of the most popular methods of authentication for anything from email accounts to online banking, MFA would be relatively easy to roll out with staff members.
- Disadvantage: As with token authentication, a lost phone can quickly undermine the security offered by MFA. If a cybercriminal is able to steal or spoof a smartphone, they can then nullify any effect of the MFA process.
Out-of-Band Authentication (OOB)
A specific type of MFA, OOB utilizes totally separate channels, like mobile devices, to authenticate transactions that originated on a computer.
Any transaction that requires deposits from one place to another, like a large money transfer, would generate a phone call, text or notification on an app that there is more authentication required for the transaction to be completed. With two necessary channels, it is much more difficult for a hacker to steal money.
- Advantage: Just like MFA, OOB is common and low-cost to implement. As one of the most popular methods of authentication for anything from email accounts to online banking, OOB is relatively easy to roll out with staff members.
- Disadvantage: As with token and multi-factor authentication, a lost phone can quickly undermine the security offered by MFA. If a cybercriminal is able to steal or spoof a smartphone, they can then nullify any effect of the MFA process.
Which Authentication Method Is Right For You?
Unfortunately, we can’t answer that question for you. Depending on your business, its size, its available security budget, and other specific factors, one may be better for you than another. As a baseline, if you do not have any secondary authentication set up, then you should at least start by enabling MFA on all business accounts where it is offered.
If you would like expert assistance managing any of these methods, contact the Alliance Technology Partners team. Our knowledgeable team members are prepared to help you with any concerns you have.