ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Prices
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


IT Jobs

Enterprise applications Toolkit

When three-factor security isn't enough

David Berlind ZDNet.com

Published: 07 Aug 2003 11:50 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

When security professionals compare notes, one of the first questions they ask each other is whether or not they have one-, two-, or three-factor security. If Priva-Tech can convince the world that a fourth factor exists, the security conversation could be changing.

Single-factor security, widely regarded as the weakest form of security, is based only on what you know. This could be a user id, a password, or a combination of the two. Much stronger is two-factor security; usually a combination of what you know and something you have. The ATM card that you have combined with the PIN number that you know is the most common implementation of two-factor security.

The third factor, and one which has recently been getting a lot of attention, is who you are; it is always, via biometrics, verified by a body part unique to you -- your fingerprint, your eyes or your face.

According to Gartner security analyst John Pescatore, "Because of the cost, you rarely if ever (even in the most sensitive situations) see all three factors deployed simultaneously. Biometrics is usually used to replace the 'what you know' part because it's so weak. Even for the most secure installations, doubling up with two factors -- who you are and what you have -- is plenty. But even that is expensive.

"For example, banks want to get away from PIN numbers because people forget them. They could do something that is a combination of an ATM card and a fingerprint reader, perhaps with the fingerprint reader right on the card. But banks have been slow to move to a better system because the cost is so horrendous."

If doubling up with two of the three factors is enough (and still cost-prohibitive for many), does it make sense to have a fourth factor?

Priva-Tech's Jeff Minushkin thinks so. The company, which he says has been in stealth mode for several years and servicing government-based clients, is ready to reach out to corporations with what he says is a fourth factor of security.

Next

Previous

1 2 3


  • Email
  • Trackback
  • Clip Link
  • Print friendly Print with Dell

Did you find this article useful?
131 out of 218 people found this useful


Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Enterprise applications



Related Jobs

S&P (Security) IT Specialist

Non Technical skills - Security methods and practices - Data encryption technologies and products - Operational security and trust models - Physical ...

Lead Credit Risk Analyst - Up to 40k

My clients offer the opportunity to work in Fraud and Credit Risk systems, Scorecard building and Credit Risk MI. You'll be a hands on practitioner ...

Server and Network Manager - NHS - London

An exciting opportunity has arisen to work in a large NHS trust based in London. This challenging role requires an individual that is willing to come ...

Featured Talkback

The internet is going to have do a lot of maturing before it is ready for this kind of traffic. Security is always going to be a problem, connectivity is poor, and most business's are unwilling for their employees to have open access.

By: ator1940

Read full story:
Microsoft prepares to take Office online