Creating a Secure Authentication Strategy

When it comes to authentication, security experts agree that passwords just aren't enough.

 By Kara Reeder | Posted Oct 11, 2010
Page of   |  Back to Page 1
Print Article
Passwords are usually the first line of defense when it comes to network security. There are a number of ways to help ensure good password management. However, when it comes to authentication, security experts agree that passwords just aren't enough.

As InformationWeek points out:

Strengthening authentication usually means adding a second factor (something you have) to an existing strong password (something you know).

The article offers five questions to help you begin designing a secure authentication strategy. They include:


  1. What do you need to protect? A corporate network, a sensitive database server, or a customer-facing website? You should assess what impact unauthorized access to those systems will have.
  2. Who will have access? Will it be employees, contractors and/or customers?
  3. Who manages the workstations? The article asks:

Will users authenticate to your systems only from computers managed by your IT group? If the answer is yes, then you don't need client-side software for machine signatures or certificates. However, for customers and partners, the answer is almost always no, so you're left with options that don't require touching the computer, such as user name and password, knowledge-based authentication, and message replay.


Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter

By submitting your information, you agree that enterprisenetworkingplanet.com may send you ENTERPRISENetworkingPLANET offers via email, phone and text message, as well as email offers about other products and services that ENTERPRISENetworkingPLANET believes may be of interest to you. ENTERPRISENetworkingPLANET will process your information in accordance with the Quinstreet Privacy Policy.