The benefits of multifactor authentication technology are great. For widespread acceptance to occur, these solutions must deliver a reliable, cost-effective, easily managed, easy-to-use offering. I know, I have used that line for this group before, but a benefit to doing this group three years in a row is the ability to look at how these technologies have evolved to meet that goal. That was my focus for the reviews this year. Many of the technologies we reviewed this month were included last year as well. Most of the products are obviously mature in their lifecycle, so we shifted our focus slightly to investigate how these solutions could address the next level of challenges facing organizations today - i.e., added security without huge added overhead and cost. As always, we are interested in a product's ability to deploy easily, be centrally managed and provide good reporting and logging for forensic and auditing purposes. These capabilities were lacking last year in several of the products we reviewed. We were interested in how they would fair in their new versions. We were looking for how well these solutions could serve a home user, as well as deliver enterprise-class functionality, such as central management, logging, reporting, audit support and various deployment options.
There are numerous solutions addressing the strong authentication market. For our Group Test review this month, we focused on products addressing identification and authentication, and defined the criteria as "products which provide enhanced security of a supplicant providing credentials for access to an authenticator or authentication server. Supplicants may be users or devices." We had a smaller group this year, but it covered a wide range of options. We had offerings that turned a standard USB drive into a token; OTP (one-time password) solutions; standard, hard-token and soft-token offerings; and zero-footprint solutions that used a cell phone or even landline as a second-factor authenticator. The product set this time consisted of software-based solutions and one hosted offering.
Without a doubt, all the tools we evaluated provided an added layer of security. The plethora of authentication options available today provide organizations with a great amount of deployment, management flexibility and various cost structures to fit most budgets. There will always be challenges in the deployment of client software across a large enterprise. There are logistical and support challenges with distributing, enrolling and supporting hard-token technologies. There are solutions now that deliver a near-zero footprint from a deployment perspective. We evaluated solutions on the other end of the spectrum as well that required deploying software and/or hardware for each system to be secured. The enterprise-class solutions did require some time and skill to deploy. The work was worth the effort because once deployed, all the solutions we reviewed were very flexible and easy to use. We were impressed with some of the personal options that would allow an end-user to add two-factor to their environment for only a handful of dollars and a few minutes of installation and configuration.
There are numerous choices available for adding stronger authentication into a current username and password authentication model. Whether accessing a PC through Active Directory/Lightweight Directory Access Protocol credentials, accessing secure web applications or doing banking online, there are numerous options that should fit any budget or need.