Electronic Books

But remote access has
taken away the location requirement, as demanded by today??™s business environment, and
authentication has become vulnerable as a result.
Tokens as a Candidate for Strong Authentication
Tokens are small pieces of hardware, about half the size of a credit card (but a bit thicker), that
often ?¬? t on a key chain (Figure 10.1). Like an ATM card, this factor is a ???what you have.??? Th ey
often have liquid-crystal displays and give the user a onetime passcode for each log-in. Instead
Figure 10.1 Token form factors.
148
Information Security Management Handbook
of logging in with a password, the user activates the token and types in the characters from
the token display into the password ?¬? eld. Tokens usually require a piece of server software that
allows or denies access to the user. Th e big advantage for most information technology departments
is that token solutions do not require a piece of client software on the user??™s machine.
Tokens, therefore, can be used anywhere: on public Internet terminals, on the Web, from any
laptop, desktop, or palmtop. Some users resist tokens initially, and some companies are concerned
about price: in excess of $70 per user as an initial cost for many solutions. But the solution
is cost-competitive, highly reliable, and portable and is one of the simplest options available
to deploy.
Common Types of Tokens
Current-generation tokens are available in form factors that are much less intrusive to users than
previous-generation tokens.


Pages:
269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293