Token-based authentication is a very important piece of
the security solution puzzle. Compared to biometrics,
which is "something you are," token devices are
"something you have" - like your keys. However, there are
various ways to protect "something you have". Tokens come
in two general categories: special-purpose authentication
tokens and general-purpose, smartcard-like devices.

Special-purpose tokens only do authentication, generally
using a proprietary cryptographic scheme. These tokens
have the advantage that they require little or no
modification to existing systems and applications. They
are low in cost and usually don't require a special
hardware reader. Depending on the product, they may have
the form factor of a card, a calculator-like device or a
fob that can go on a key chain.

Smartcard-like systems can be programmed to do almost
anything, including a proprietary authentication
protocol like that of a special-purpose token. Most
commonly they are used to store secret keys and perform
cryptographic operations, such as digital signatures. In
this mode, they are used in conjunction with a Public Key
Infrastructure (PKI).

Token-based authentication provides enhanced security
compared to the traditional password method, but there
are practical tradeoffs and disadvantages. Users may
leave their card at home or on their machine during lunch
and thus create security holes. Other products require
extra steps when logging in. While token devices haven't
been widely implemented in the U.S., their ability to add
an additional layer of security and store digital
certificates will most likely help their adoption rate
grow over the coming years.