Authentication is one of the most important parts of any computer system, application or network. Without an adequate authentication method, a network operating system will quickly become overloaded and insecure. In the early days of computers a simple username and password would be sufficient. Although this is still the case in many networks, more secure methods are frequently installed to protect infrastructure which is almost certainly partly accessible from the outside world (i.e. the internet).
A username and complex password are probably sufficient for a small business or home network where trust is less of an issue, but for corporate and academic networks which are accessible to all sorts of people, a higher level of security is usually preferable. Here are some of the core techniques which are normally used to create more advanced levels of security.
- Kerberos: an advanced authentication system which allows applications and hardware on a network to verify the identity of a client. The definition of a client is important: it's not just a single user, but can refer to other computers, servers and network devices. Kerberos is normally implemented by using third-party applications which will confirm initial authentication and then provide verification to other network devices. It is used, for example, as the core authentication method in Windows Active Directory.
- GPS: Global Positioning Systems can verify the physical location of potentially any user on the planet. This is useful to ensure logins are only approved from specified locations and to prevent remote attacks on a network.
- Biometric Devices: These have been around for many years, but have grown in sophistication and reliability over the last decade. They commonly scan eyes or fingerprints in order to allow authentication and access to computer applications, networks or merely physical locations and other facilities.
- Token Authentication System: Devices such as smart cards, tokens or keys which are used to implement two-factor authentication. For example, a typical smart card will generate one-time passwords which will work for a single session only. Others are linked with other authentication systems and will only work at a specific time in tandem with another device.
All of these systems, though, rely on the fact that the holder or user actually has an account on the target system or network. At the base of most of them is some sort of initial authentication: allocation of a username, password, photo ID or similar. There are more complex issues at play when dealing with secure authentication over the internet. After all, you've probably never met the administrator of your VPN provider. Many of the authentication methods used across the internet focus on different techniques for authentication, such as digital certificates.
Thanks, my bank keeps going on about two-factor authentication and I didn't have a clue what they meant. It's fascinating to see what a big subject it is. I noticed that I couldn't use my BBC VPN – http://www.youtube.com/watch?v=RXFAUCpwzm0 on gaming devices because it couldn't handle the authentication side of it. I wonder if there's some way of handling the authentication without using a traditional username and password? Perhaps some sort of pass-through authentication?