Fortified answers
The Fortifying Network Security newsletter asked me to answer three questions for their June 9th issue. Here’s what I had to say:
Question: What authentication method(s) offer the best performance and lend themselves to widest, secure use (PKI, biometrics, smart cards, etc.)?
Libin: The most secure and most reliable method of authentication is a one-to-one, locally matched biometric, recorded in a validated digital certificate and stored on a PKI smart card. The PKI smart card is almost impossible to duplicate, providing a very solid "something you have" factor. The local one-to-one match protects privacy and greatly reduces false identifications; a validated digital certificate proves that the whole package hasn't been tampered with and that it's still good right now. This triple-holy-grail of authentication used to be very expensive and cumbersome, but recent technology advances have brought both price and complexity way down.
Question: When adding authentication to the security mix, how can enterprises avoid adding management complexity from new identity management tasks?
Libin: Some work is always required when introducing additional technology, but a properly designed authentication scheme should reduce overall complexity, not increase it. Once you have a consistent way of doing authentication - knowing who everyone is, and validation, knowing what each user is allowed to do - tasks and applications that use your identity management scheme actually become easier to write and manage. Do some work up front; save a ton of work later.
Question: What key feature or element should enterprise customers insist on where authentication is concerned?
Libin: Convenience. If it's hard for the user, they won't use it, and you'll be worse off than before you implemented it. Period.
---
On another topic, I’m in the midst of some marathon traveling, so the frequency of my posts for the next week will depend on the complex and unpredictable interactions of airport delays, food digestibility, broadband availability and general time zone wackiness. On the upside, I hope to buy some keen gadgets.
June 11, 2004