Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Easy 2-Factor Authentication You Can Afford



 By: Steven Vaughan-Nichols
2007-09-07
Article Rating:starstarstarstarstar / 2


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Opinion: Everyone knows two-factor authentication is the better way to secure networks, but it's also an expensive pain to implement...until now.

Ask any security guru. Whats makes for better security, two-factor authentication or the typical one-step username/password combination?

Even Homer "Burns Nuclear IT Assistant" Simpson would know that its two-step. Of course, Homer would probably think you were talking about dancing, but you get the point.

So why arent we all carrying authentication cards for our computers, have fingerprint readers on our laptops and retina scanners at our office doorways? Because implementing two-step authentication is both difficult and expensive to implement.

First, most two-factor authentication methods require you to buy additional equipment. Thats never cheap. Then, you need to integrate the two-factor system with your existing network authentication infrastructure. That can lead to some staggering IT overtime bills.

I know. Ive been called in to see the aftermath of an attempt to integrate two-factor authentication into an enterprise network that was using AD (Active Directory) and NT Domains for authentication in a mixed mode LAN. "Ugly" wasnt anything like strong enough to describe that particular train wreck.

Then, lets say you want to incorporate two-factor authentication with SSO (Single SignOn). Perfectly doable, but again, it can be a real pain to get it working properly.

Resource Library:
Lets say you do all that work, though. The system works perfectly...if it wasnt for those darn users! The USB key? The one that serves as the second factor? It now lives perpetually in the PCs USB port.

The laptop fingerprint scanner? Whoops, Joe Salesman left his ThinkPad T61 in a taxicab and he needs to log in from a desktop at a coffee shop.

If youre in IT, you know the drill. If users can find a way to avoid security, they will. If the user is on the road, according to the research company InsightExpress, theyre even worse. According to this Cisco-sponsored report, 73 percent of mobile users admitted they are not always cognizant of security threats and best practices. More than 25 percent also conceded they either hardly ever or never consider security risks and proper behavior, offering reasons such as "Im busy and need to get work done" and "Its ITs job, not mine" as justifications.

Click here to read more about two-factor authentication.

So is there any way that will let you quickly, easily and cheaply put two-factor authentication in place? As it just so happens, we think weve found one.

Jim Rapoza, eWEEK Labs director, recently reviewed a new two-factor service called PhoneFactor from Positive Networks. He loved it. The rest of the staff loved it. Our IT staff loved it.

Heres why.

First, theres the price: free. No, not free as in open-source software. Were talking free as in beer. Next, the second-step factor is, like the name says, the telephone. Thats it.

It works like this. You set up the free service to work with anything that supports RADIUS (Remote Authentication Dial-In User Service).

This is a common-as-dirt client/server protocol authentication service that almost everything supports. Once its set up, your user logs in, as usual, to the VPN (virtual private network), Web mail application, whatever, via Radius. Then, before letting the user in, the service rings them up on their phone number. Next, the user has to hit the pound (#) button.

Thats it.

No special hardware. No need to use only a particular PC. No integration headaches. No costs.

Whats not to love?

If Joe loses his phone, so what? He calls up IT and says, "Switch my PhoneFactor number to my hotel room," or his new pre-paid cell phone. Thats all there is to it. Hes able to get back into the system without any fuss or muss. Of course, if you want to get beyond the PhoneFactor basics, Positive Networks will be more than happy to charge you for such features as support, customization, better integration with your existing systems, etc.

I dont know what the extra costs are, but frankly, if I were a CIO, Id be happy to pay the bill. This has got to be the easiest way Ive ever heard of for implementing two-factor authentication. And, best of all, since it relies on ordinary telephones, if your mobile user has any way of getting on the net, he or she can also be securely connected with your network or applications.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.



  Reader Comments: Easy 2-Factor Authentication You Can Afford
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Steven Vaughan-Nichols
 


x}v㶒s{̎S$uR/ٖڱ-oKN眳4 I)l3yu~|n|tfڽږP(T B K9w4ôG1%ىc}{Τ~HRcg͛6{(ːԫg ѩe軫F]̑]i7;#|6%o;|9|ALTadL8oɈ^DQ_Fܨle0-ZAzR j9a?Y$)qH&Z=$?(B4j$oaX}؁䛟V8ALÉL}!*{:|HJ%hᐨ1"|xLG{໵2 w:b(QC, w-mvHM-GVekVl"3ș30?Te L4H 9UHI^tXF?D9zuur<r4 H؎MEnY [پ :ۑLmL=kw"$ENX* ?q74LaHO LE3ˡ,kFp0閩lȺu[˫A(BX>P5x>woچs[=}0q*sܜLϿvϕ+E}v!􏂺,;Vж켦 u9[yи8sD9W[YHM~c/DR˅Bmd"A >l9 P%opAW|AAv$0L" J2~̢2Qu;-^m^:E,3sATy22CXY2 LU5Ms%kr>nu>9SɀdjAZ|YkU[_{_C"wApHj@R3?>]8>IF±,N/gs`HlDmYܺ̐LR 9ɽka(7sF`dX@7? iP2ML8oZujgt0KPx۬1 rƒ 4K_S9nZK=0[=RFpƚ\ Дaǘذ 1"% vJq_K XR $}'嗋m|*(If(;=^f/\R@2p1STW9/x_5 .!feќ,Ӆ]Wa o^\zcfut:~hu-xXnvZM( 8ǹ:mn:+t =J j"JG-dj`qaeJݠCmj9wMI@utiM>PÜNͶOCGs>hH2AC66^lzK 4}l>#a 8 +Gsݺ|LnXŞ+ P߭g`I l"]LRmd;>ld$4(sw[LL `rwC@b!LTE}vACЦ ,Zz] wA,߃9#z[LKx GN }p ]x9-RC1@ =JIA mFt"AђF *4 g3#X"C"'G3`[X;.VKŤ\*y"JM':ΝWKRx&,S,BV-KᗄPf%i2mń(VFN&Qea*0pRx5Rn,`oJ-?(WS& MX̰řhjZi &𝀜h`3Ґ( s?{\ 7!v:%3t0fXfZ1kN`LaǺ@32iӆ$rTDhL˄r=6=cjkȑL%~K;m0s k2 'yv=&.У\8$/4<3_O#k[} J% jJ}: %r% 5kb$T`CY3j-ysp d֌O,s1r@y?T9XScX`Dw Lz?v&m/n$)L`V|\tk--%ւeۏRu%z_No6Ҿ0sm- "4@Xc-W00^Ԣ.(-P|U$"!tùdXGJE!1~h/a2(nw߱>{jaaC+ WLYZf[eҖtp u;.Cϱ u='7c-`cg@~R9gS?&]dpܱD80V}2Pa"V&fj>Y[*^|W(+ȁUruXkjw2잶)Υ_p=O[- V}:Le"6XCjiV㎍WKH.Z`" lX.)Ui?K~5<2.eX"{:ܯ d͞0RK´9& ziDe˜,o& #ȑaϗ~ԧ^ۨ`lEke808-Ko5=;Ȣ\Q݀+w`Sքw& 0}yXC Awt\d 0!ϵP\Q-W0"sKG疪bd$܄h@.&IڶhlTzBR7ߏ90gted- IR-ȗUTJs3;~nQet4R:wC~y6s^nM4,~R~K>nḟG>X-ƌ1;h'0ɿ`c ?e_́<]Ia/cҧJǦ8@ĺ7BrUɫ-Mέl/#Ϣ=OXqD UiNH@%5- ?ŤFlЀYϸ q4|\_.(St į 0-O]U*Ղʾ_YIWC7{!jf#Q k` 9v}G(,?aC$\xbb>f,}PX_6emEfH^ab2U{Y@o& -E+ "!Τͬp#[|Sǖ35rum/\YJq5PϦW|{k D^ f> s\&q3k#B>ϡ]WR 1F)W|փ3+l?0MO'6賻_=(Ua]d WB'&#=ԕO~1Adm CsCd .E;"q&DdkŎr {QF!<$`tP.bWa;8l..]>lf#<,Qhn1] ק>q["c'۝6RsϹE(5uRRX\U Q!f.S_5u_֦&'ny, MҧyỵV2# e 46-.wE]iۛ4\l&\#2OB8KYM,aTJp٩iAnfZTrMr*g0k(r/ܑ?~nsP>(Kd3 GX⺆abQX rrjT jrF2R@BZB$d1~BŞv.{i}ϱ0qsfNkw. 3ozY~ZrvXh\c0MJ˓/T#:uԾhow0[-@ezLR({F]q?Ľճ"b{<9i_;i/R`f{+G^s!\4߷/ŗ4ǝ5?nV#˖:\tKCȃ,!y[FSLuk3d4)Hg~H/6b+:Z_Ku͙9\z$ycg0u1۔}gCS ºUXȬy`|]L($TZE 1 KLGWOѱ{iD @X:Uaҏ"穔(BS.hDO§,uܹnrsslo}AJNnVZ-[N7S+t,C=]/8ʊ=?.N:i$}B֘Nlp j`ySrFvHEpQZinu zsHƦaP;D^fTDxS!OJ>]-e%QJ=&ZD܎qw5Q4'{qI9.p}?K`\Tyr^Afv?KY;K !bi4V3YTj6lcc Zy‡i'K-;݌ƑgOa|430[f؞qfdbLdrOB%7÷Cw#S'gSc3/HF#%wg&RϰlF5!a_Ъ õaV:p$|#؈O_Oo*NƊ f¹V7O_M_k S Mk/!/1 %&̼V&&( zqi+Bt k #w5R*Y1%3F#18q nxs9Q.>@JFZfKb4xAvY uIUc{kX/tnF9ijJKW&?߂Ѵlt Ґb^ɫkX0> JT"Jԯ_J!DSz"<ؔ!+/ŐpAw- 0oTkjQ05|郋J#%-ƩM(fYbJ@D $lp'J*Z Q _k<"|.yυ37KNX)7n33 q_7G7G7G7GxGw;chfĭWzc L'5&D{H1p$L' 48Msk;5F4Mg(AӤ7dK1M/!>TJ&&y[4)Xc]{Ӽb=|ς"'> $ף7/jC>-OIиq*i҉k>k]SϊϤ0HB3´PG83 O0<1P@v|IB1SixZyNtLjT`9xoaLsbFwYc}!ؤWi,{%*3} atذKXXlJP\12C7tjᐈP#$VhlS{C.y1gpb7Ėlvtg2/|<,pU'XT8"A$A$1D+1iU57fK%(@Q樔/*ġ 8"5RlA+qL[+\o>VɺR:((_U7ՂZ"mo|[>vM,߰ύ}->įd>%v`jVq'WYwcBD ;ذ{6>:"}t^! i_&>.}j,Z` Gםqgil|WM\{S)=KxMܱ+WJ_~#w{l븚e)}M\ W{//㎆#wŷqzj7u̴"g`nِ7*D^M lw~DQvj}e&*嵙J>~oB>WV4IA ߰:</2=uaYƞ<:qBιu,_~~$Dzw>o- @fphV_fHHA$8&S#}f8ET0,-rdjkp1ᖁCyr.́vpt?;cg1e vpl6 ~#^+"x7 χyT[[ _UkZ|2О$Mw qL[bd= Tכ7OQ5لHm Dxsnvz:Y{:2cٿgs~ es^7>kE_A-iΞCa]0×qQ I37}bþŝG+/׻aS@am${5"&1MU).b[M|V{#ou?$n&cu ,!@NtޜhvPn'.'&>y|`'㷈b!pSU{?^owgc$H|%F<绹솛vDD^<(+z5t3Upo?mLG~+txwOR]㫉P>6sCv-N ra=ʱ,~|mEiDi.1ؕ`e9L cWF%5z J 0뷾AX^qV3&V0CuX]R3?_o[a0_1v\M!'p.d%ˉ};AE! 46 KfRlǛhBda}N"F dѴB.]cbw+ʁ\rOQ/si^,`Vd1ޥtW BZc[WesQj5NRU BISk{k6wО3#mz^C GJk&pVy k+mLx[8Ow| 􄼥޼vgO%YձHz,;]qI>H ~sG^Dn-t!xGZlSKMµOAʤ 8Ieuף:̹O$MD0U 2՚:<Ƅo[\\#ռRW*Y%Q.s䳀r.3P="uɽv=/=y/T[gHp\<^K’ПF!%.`GV$(bX Az/[ y@@ +}}h龆cY1TcJ74?(x0K{IF^YA 80ڱ]w&-Rݽ<%՘?g_abusι s deva0̊ۼ%U$d[htowNQg)q8 @gL5m:q T75|G*%FŸ_E%9|lZqaHÃ..K|Z*F&#ZIi+844xy&LO9c  Ą):6$Ae5T?0м`7{qB |U[Y>_E_tKgQLˮvoB`(x`+jG"?{| Qd>pXHґ!ǿ6ȝ4 *2zސ:#YH aIm{7R[ $y?DD&?/Ѻi~F~he{Z] dyxk`Aߑ7r6#죋Bلa -9$.+Ja SN [z1?:?pa)fGpV%A1HvdB~w[7?__v5'0枩T-1Șh MQ ҖHxDirvtV$!":JLLn#B s83DD#^ôukj{"iuDޝ6X/u2';+&(q E b{GLƙ;fQs|w,@t(.( oIYPXPB5DuSJn67p>9 Z,a&4;`F" N-g8ĭ1d`r&f)p͒s\jfN+/ @}:ςlQغ9P0}(-ŌCZQJФ*!dW`cU-%N+_) {e2Vq9Lz%2M5+^@02dg44\KŃ$͈ɵ7>XF9\&9nHQ}kw.QsǞ%_QBss}ٺn_2SӃSf&E`4ejE)SC9,j6Ww^;OK"顱8?/^ٳ'Q?B)Qe3 \C QW~0`b_l)o\zjŵ6v#g5^LW%ǎFV9mfx9joӶ PT8i67anq4ħyG:L#4[E95Bkʯzuq85'@֚c(?^]~ 9]C5V3I>YSr5埠s>v5sX >b }/>ksX ϋ5yy?QF/#\S~gkXS~ka|/׌%\3~Y_?k5Ӆw z@/?}X_r5~7P~f @7kڿYɹNCP\#g+\8=R)/eGkT} ӺrXB])?5@~v_˰ZCr!~5^}{+sg#q$^a芪[^&i4v+inp_/Σ{i KI%<$xEqZ& 3l?V\[[,Oнۺ{' Jݓs+z`Oc.1پWߕ\~Uny+t"LXE)9s8Gc_%f1'a~!fD4+[HO8ѭeIbARX-}}L+J=*n}7}v#y a~L|uӚܴO]J8hg?>/yd֪WV5lNA6K'E>YY,p}s&pN!3J8o |Yf ԳpNR?kj -B9jhN_i{N|3rX-H$NR V˕R}#\#`}{5/T$`r|Y9(+PPफ़h[iRohF>ǡ'!pC>fJ5!D`5~L@L6"/cA6of.3^8ռD@O'%ÙgHX&58W!7hlգ{wh9đٴ)9P 'àN4WЫ ȅ&f" 9oޔ_C ΅*˗ XV2YPӅbvQY򿦦~˭d<@̫b)m+ dH|b[;$}F(2!>paxap[tdr\q)ƁsWLZ/M mݓi:F` gqM H0>VxUXt)SLi?pm oHFsFo"95GeZ}QJDt#by}rLucתHh1 0'O5wl& }]pz5sұ%u ]vܙ%O/TB# l}މ鳫J۾ @z_P.;4m>F2#zO]vBaI3ܴ,wyC͞39LJ&hW[l,)1{癚$z WdгwIl@O X1W;2>Ş_ =6g\s79=Ǧ egW, "s k!׶:+2=jQwh}tW+v݊P?&. (P"cqm !31n]WXN1Y{N6 )4M˚ѝyXI%#9wr\鱽$0\d~\e;Tlv[i>ZOe[b8ŗ|Ny|X.e3&Yұ5*5S2m)yir};{,ݤd/+2b%m=H몤$/ ]* %Cb9G8]! ""_Sanioy㲁e"=`S h9i3YX:9Am'{ٺ*l܅iLUhHl[:d2-kc'pG!MX0 n=ձ]w O`7G}޴û%̯9"e`7g#~"3Vœz2`:FS`܀}olI Of9w죗iO?J B ϱ5Q]& Ԣ?Ng(\*],1Ał?rL#IAsg_(LˀWvm:yDt[] vE hӁex< D#VJrX}PoS. O3й?m%Hʶv*E| X^c0У,208utvKѲ V7"aa^n1n,SLN%* )*сHjJdg'S #r%&fJy9{V(!㩹i27; !\J3F έԁg~ #=<\d9sлji(\@4jiSwTZxm'[Kq@S 1s1+\e"F| Yx37 "7 mN/\ ᛤJEMǟ ނ8Lse9'!ۿYIh}QKM¨=cF}IIt!Rǝ7>厫ֳ]nw ϋ?u?2w/&G3Ь,o~q"F%i:D=|N—IJB@Xx’MzCNqC7<* wTnv1q0>J[4P9,'3z쨭$Cqḓ;rX=z @'0egbHjzX}Tj~*w xWaG 2E)r4 a_X:fpV2ڎ#ZKX2Mf?WveG /h=DlAnykk|}pڹI͋CA+zyj(a' ѨTrߴzK;Ô#\y·)h!(nъ:Vջj/'+-f 6x4sx(AUzK0Rr&BbV>K cQLQ1C X-`ނ"f{k;a^Wz ۔Bo?nD'!&WV)j9Qg:fMf-#+L _<9?