STRONG AUTHENTICATION
What is Strong Authentication?
Strong Authentication is a process whose objective is to ensure that the user being authenticated in a system is really the person he/she claims to be. The objective is to check his/her identity and prevent any possible identity impersonation and its associated consequences: Identity Theft, Fraud, etc.
When a user wants to gain access to his/her corporate network resources, he/she uses a name (identity) and a password (user authentication). This authentication method is based on something the user knows.
An Authentication Method can be based on three factors:
- Something that the user knows: Password, PIN (Personal Identification Number)
- Something that the user has: Magnetic Card, Token, Credential
- Something that the user is: Fingerprint, Facial Recognition, Retinal Scan, Voice Verification
Strong Authentication is in use when the user relies on at least two of these factors to perform the identification process.
Some examples:
Physical Tokens that the user carries with him/her and uses together with his/her password. If someone finds the Physical Token, it will be useless without the password, and vice versa: if the password is compromised but the offender does not have the Physical Token, he/she will not be able to gain access to the system.
Nowadays the trend is to use Soft Tokens that are included in web pages and mobile phones.
Another useful system is OTP (One Time Password), where the user, in order to finish a transaction after the initial authentication process, must enter a temporary password that is sent directly to his/her mobile device and is valid for only one session.
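The server side of the OTP step described above, as an added example that is not part of the original page: the code is bound to one session, expires, works once and tolerates only a few wrong guesses. The class name, the 6-digit length, the 120-second lifetime and the three-attempt limit are assumptions; sending the code to the mobile device is left to the caller.

```python
import hmac
import secrets
import time

OTP_TTL_SECONDS = 120   # assumed validity window
MAX_ATTEMPTS = 3        # assumed number of guesses allowed per code


class OtpStore:
    """Pending one-time passwords, keyed by the session they were issued for."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock      # injectable so expiry can be tested
        self._pending = {}       # session_id -> [code, expires_at, attempts_left]

    def issue(self, session_id):
        """Create a fresh 6-digit code; any earlier code for the session is replaced."""
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, not random.randint
        self._pending[session_id] = [code, self._clock() + OTP_TTL_SECONDS, MAX_ATTEMPTS]
        return code              # caller delivers this to the user's mobile device

    def verify(self, session_id, submitted):
        """True only for the right code, in the right session, in time, and once."""
        entry = self._pending.get(session_id)
        if entry is None:
            return False         # nothing issued, already used, or locked out
        code, expires_at, attempts_left = entry
        expired = self._clock() > expires_at
        # Constant-time comparison avoids leaking how many digits matched.
        ok = not expired and hmac.compare_digest(code.encode(), submitted.encode())
        if ok or expired or attempts_left <= 1:
            del self._pending[session_id]   # used, expired, or out of guesses
        else:
            entry[2] = attempts_left - 1
        return ok


if __name__ == "__main__":
    store = OtpStore()
    sent = store.issue("session-A")          # constructed session id
    print("first use :", store.verify("session-A", sent))
    print("replay    :", store.verify("session-A", sent))
```

A production deployment would keep the pending codes in shared storage rather than process memory, so that every server handling the session sees the same state.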
The objective, as described above, is to increase the security level and reduce the chances of Identity Theft or Fraud.