Two-factor and multifactor authentication strategies
User names and passwords are no longer enough and more enterprises are deploying two-factor or multifactor authentication products. Browse the articles and advice in this section for the latest information on using strong authentication in your organization.
Top Stories
-
Feature
30 Jul 2021
Keycloak tutorial: How to secure different application types
IT pros and developers can secure applications with the open source IAM tool Keycloak. When you don't need to worry about passwords, it reduces the potential attack surface. Continue Reading
-
Feature
30 Jul 2021
Secure applications with Keycloak authentication tool
As we look toward the future of authentication, open source tools, such as Keycloak, provide companies a way to secure applications to its specific needs. Continue Reading
-
Answer
04 Jan 2017
How can two-factor authentication systems be used effectively?
Two-factor authentication systems require more than using codes sent through SMS and smart cards. Expert Michael Cobb explains how to properly and effectively implement 2FA. Continue Reading
-
Tip
03 Jan 2017
FIDO authentication standard could signal the passing of passwords
The FIDO authentication standard could eventually bypass passwords, or at least augment them, as government and industry turns to more effective authentication technologies. Continue Reading
-
Answer
02 Jan 2017
What new NIST password recommendations should enterprises adopt?
NIST is coming up with new password recommendations for the U.S. government. Expert Michael Cobb covers the most important changes that enterprises should note. Continue Reading
-
Feature
01 Jun 2016
Strong authentication methods: Are you behind the curve?
Not sure who's really behind that username and password? Google, Facebook and others may finally give multifactor authentication technology the 'push' it needs. Continue Reading
-
News
26 May 2016
Retiring obsolete SHA-1 and RC4 cryptographic algorithms, SSLv3 protocol
Microsoft speeds deprecation of SHA-1, Google dropping support for RC4, SSLv3, as web software publishers approach end of life for obsolete cryptographic algorithms and protocols. Continue Reading
-
Answer
06 May 2016
How can Kerberos protocol vulnerabilities be mitigated?
Microsoft's Kerberos protocol implementation has long-standing issues with its secret keys. Expert Michael Cobb explains how to mitigate the authentication vulnerabilities. Continue Reading
-
Answer
22 Mar 2016
What's the difference between two-step verification and 2FA?
The terms two-step verification and two-factor authentication are used interchangeably, but do they differ from one another? Expert Michael Cobb explains. Continue Reading
-
Answer
18 Jun 2015
Can simple photography beat biometric systems?
Simple photography cracking biometric systems highlights the need for two-factor authentication in enterprises according to expert Randall Gamby. Continue Reading
-
Buyer's Guide
13 May 2015
Multifactor authentication: A buyer's guide to MFA products
In this SearchSecurity buyer's guide, learn how to evaluate and procure the right multifactor authentication product for your organization. Continue Reading
-
News
24 Apr 2015
NIST wants help building the one ID proofing system to rule them all
The U.S. government wants to solve the weaknesses in online ID proofing systems, but it needs the help of enterprise and security professionals in order to overcome privacy concerns and other issues. Continue Reading
-
Definition
02 Apr 2015
active RFID (active radio frequency identification)
Active RFID (radio frequency identification) tags are continuously operating, battery-powered sensors that gather and transmit data to a reading device. Continue Reading
-
Definition
12 Feb 2015
strong authentication
Although it is not a standardized term, with set criteria, strong authentication can be said to be any method of verifying the identity of a user or device that is intrinsically stringent enough to ensure the security of the system it protects by withstanding any attacks it is likely to encounter. Continue Reading
-
Feature
30 Jan 2015
The top multifactor authentication products
Multifactor authentication can be a critical component of an enterprise security strategy. Here's a look at the top MFA products in the industry. Continue Reading
-
Definition
20 Dec 2014
out-of-band authentication
Out-of-band authentication is a type of two-factor authentication that requires a secondary verification method through a separate communication channel along with the typical ID and password. Out-of-band authentication is often used in financial institutions and other organizations with high security requirements. Continue Reading
-
Definition
15 Dec 2014
machine authentication
Machine authentication is the authorization of an automated human-to-machine or machine-to-machine (M2M) communication through verification of a digital certificate or digital credentials. Unlike user authentication, the process does not involve any action on the part of a human. Continue Reading
-
Definition
11 Dec 2014
four-factor authentication (4FA)
Four-factor authentication (4FA) is the use of four types of identity-confirming credentials, typically categorized as knowledge, possession, inherence and location factors. Continue Reading
-
Definition
03 Dec 2014
Duo Security
Duo Security is a vendor of cloud-based two-factor authentication products. Continue Reading
-
Tip
04 Nov 2014
Why mobile user authentication is more important than ever
Encrypting data is a good first step, but if you don't properly authenticate users, sensitive information can still fall into the wrong hands. Continue Reading
-
Definition
29 Aug 2014
GPS tracking
GPS tracking is the surveillance of location through use of the Global Positioning System (GPS ) to track the location of an entity or object remotely. The technology can pinpoint longitude, latitude, ground speed, and course direction of the target. Continue Reading
-
Definition
24 Jul 2008
LEAP (Lightweight Extensible Authentication Protocol)
LEAP (Lightweight Extensible Authentication Protocol) is a Cisco-proprietary version of EAP, the authentication protocol used in wireless networks and Point-to-Point connections. LEAP is designed to provide more secure authentication for 802.11 WLANs (wireless local area networks) that support 802.1X port access control. Continue Reading
-
Answer
20 Mar 2008
What is the purpose of RFID identification?
RFID identification can be used to keep track of everything from credit cards to livestock. But what security risks are involved? Continue Reading
-
Answer
04 Mar 2008
What techniques are being used to hack smart cards?
Hacked smart cards are a large potential threat to enterprises that utilize them. Learn how to thwart smart card hackers. Continue Reading
-
Answer
04 Jun 2007
Is the use of digital certificates with passwords considered two-factor authentication?
In this SearchSecurity.com Q&A identity management and access control expert Joel Dubin identifies the factors that contribute to two-factor authentication, such as smart cards and digital certificates. Continue Reading