Every day, two-factor authentication - ATM-style identification combining the use of something you know (a password) with something you have (a token) - proves itself to be an essential part of broad-based information security systems, mitigating multiple threats, and protecting identities and information assets. While never claiming to be information security's silver bullet, strong two-factor authentication plays a crucial role in protecting vital data.
In the fight against Internet crime, the static password is the user's worst enemy. Two-factor authentication eliminates the risk of most phishing attacks, which rely on the mass harvesting of identity and account information for "replay" later. Two-factor authentication also prevents user impersonation through guessed passwords or with passwords harvested from other sites - a prominent issue today as users struggle to manage multiple passwords across various online accounts. To suggest that two-factor authentication is useless because it doesn't directly prevent real-time man-in-the-middle attacks - in which the attacker sets up a fake Web site to which he lures users who then unwittingly enter their personal information - implies there is a fix-all solution that will solve the problem.
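The replay argument above can be made concrete with a small verifier. This is an added example, not code from the article or from RSA Security: it uses RFC 6238 TOTP as a stand-in for the token (the article names no algorithm), and the seed, password, salt and timestamps are constructed values.

```python
import hashlib
import hmac
import struct

STEP = 30      # seconds each token code is valid (RFC 6238 default)
DIGITS = 6

def totp(secret: bytes, now: int) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `now`."""
    counter = struct.pack(">Q", now // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

class Verifier:
    """Server side: password (know) plus token code (have), each code usable once."""
    def __init__(self, secret: bytes, password: str):
        self.secret = secret
        self.salt = b"constructed-salt"          # constructed for the example
        self.pw_hash = self._hash(password)
        self.last_step = -1                      # newest time step already accepted

    def _hash(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def login(self, password: str, code: str, now: int) -> bool:
        step = now // STEP
        ok_pw = hmac.compare_digest(self._hash(password), self.pw_hash)
        ok_code = hmac.compare_digest(code, totp(self.secret, now))
        if not (ok_pw and ok_code) or step <= self.last_step:
            return False                         # wrong factor, or code already used
        self.last_step = step
        return True

def demo() -> dict:
    secret = b"constructed-token-seed"
    v = Verifier(secret, "correct horse")
    t0 = 1_200_000_000                           # constructed timestamp
    harvested = ("correct horse", totp(secret, t0))  # what a phishing page would capture
    return {
        "password_only": v.login("correct horse", "", now=t0),
        "used_within_window": v.login(*harvested, now=t0 + 5),
        "same_code_again": v.login(*harvested, now=t0 + 10),
        "replayed_an_hour_later": v.login(*harvested, now=t0 + 3600),
    }

if __name__ == "__main__":
    print(demo())
```

Only the submission made inside the code's 30-second window succeeds, which is the limit the paragraph concedes for real-time man-in-the-middle attacks; a harvested password alone, a reused code and a code replayed later are all rejected.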
Users need a convenient, reliable way of recognizing when it's safe to provide a credential to an application, and of verifying that the application is authentic. Along these lines, RSA Security has been exploring new ways in which the browser and operating system interfaces for user authentication can be strengthened. We are working with other leaders in the industry to raise the standard for authentication interfaces and, in particular, the protocols for authentication exchanges with Web sites. These improvements, along with protections against various forms of malware, will go a long way toward addressing the legitimate concerns raised by man-in-the-middle attacks. More importantly, they will help to ensure ongoing consumer confidence in e-commerce.
Strong two-factor authentication has proven itself to be a highly effective means of protecting corporations and individuals from a multitude of cybercrimes, in both business-to-business and consumer applications. In conjunction with the other developments outlined above, two-factor authentication is more necessary today than ever, which is why organizations such as the National Institute of Standards and Technology, the Federal Deposit Insurance Corp. and Microsoft have identified it as the way forward. The idea that it does nothing to protect against identity theft is not just incorrect - it's recklessly defeatist. Like a doom-merchant arguing that there is no point in locking your front door if you live in a war zone, detractors are missing the obvious point that there are dozens of threats out there - and no one solution will prevent them all.