We all know the two-step authentication systems available on all modern online services and apps. They offer a higher level of security to users who do not want to risk having their personal data and files compromised.
These systems use different methods of authentication, from the simplest ones, like receiving an SMS with a code, to applications that generate a time-based code used to access the desired service.
Even with so many security measures available, corporations and companies prefer other methods of securing data where it is essential to place all sensitive data behind another layer of protection. These methods go beyond the classic codes sent by SMS and rely on physical devices, in what is known as hardware authentication.
What types of authentication do we have?
Before jumping into hardware authentication, it is essential to understand the different types of authentication available on the market. With the introduction out of the way, there are three different factors on which authentication is based:
Factors based on what we know
These are factors based on knowledge chosen by the user. Whether the log-in is checked with a password, a PIN, a drawn pattern or an SMS code, these methods are open to personalization by the user. They are the simplest methods of authentication while also being the easiest to bypass. To compensate for how easily such a method can be broken, developers frequently recommend using a strong password and occasionally updating or confirming recovery methods or system access.
Factors based on what we are:
Biometric authentication methods are the basis of this factor. Because they rely on the user's physical characteristics, from eyes to facial expressions and fingerprints, they are the strongest authentication methods, while also being the ones most exposed to the risk of errors.
These errors come in two different types. Type 1 errors occur when a real user cannot authenticate, an error usually found at the system level: the system is unable to correctly identify the characteristics of the real user who requires access.
Type 2 errors are failures to block a person who does not have the necessary permissions. How often this error appears is presumed to depend on the detection sensitivity of the selected biometric method. Viewed from a neutral perspective, it has the bigger final impact, because the system fails to protect data from external users who should not be permitted in.
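As an added example (not part of the original article), the following Python sketch shows how the two error types trade off as the detection sensitivity of a biometric matcher changes. The similarity scores, the 0-to-1 threshold scale and the function names are constructed for illustration.

```python
# Constructed similarity scores (0.0 to 1.0) from a hypothetical biometric matcher.
GENUINE = [0.91, 0.84, 0.77, 0.69, 0.88, 0.95, 0.58, 0.81, 0.73, 0.66]   # real user
IMPOSTOR = [0.12, 0.35, 0.48, 0.22, 0.61, 0.30, 0.55, 0.41, 0.71, 0.18]  # other people


def error_rates(genuine, impostor, threshold):
    """Return (type1, type2) rates when a score >= threshold is accepted."""
    # Type 1: the real user scores below the threshold and is rejected.
    type1 = sum(s < threshold for s in genuine) / len(genuine)
    # Type 2: someone else scores at or above the threshold and is accepted.
    type2 = sum(s >= threshold for s in impostor) / len(impostor)
    return type1, type2


def sweep(genuine, impostor, steps=20):
    """Evaluate evenly spaced thresholds from 0.0 to 1.0 (0.05 apart by default)."""
    rows = []
    for i in range(steps + 1):
        t = i / steps
        rows.append((t, *error_rates(genuine, impostor, t)))
    return rows


def strictest_needed(genuine, impostor, max_type2, steps=20):
    """Lowest threshold whose Type 2 rate is <= max_type2, with its Type 1 cost."""
    for t, t1, t2 in sweep(genuine, impostor, steps):
        if t2 <= max_type2:
            return t, t1, t2
    return None  # no threshold in the sweep meets the target


if __name__ == "__main__":
    for t, t1, t2 in sweep(GENUINE, IMPOSTOR):
        print(f"threshold={t:.2f}  type1={t1:.0%}  type2={t2:.0%}")
    # Cost, in rejected real users, of letting no impostor through:
    print(strictest_needed(GENUINE, IMPOSTOR, max_type2=0.0))
```

On this sample, raising the threshold until no impostor is accepted means rejecting the real user on four of ten attempts, which is the trade-off between the two error types in numbers.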
Factors based on what we have:
This factor is the basis of hardware authentication methods, which require a physical item to authenticate successfully to a system. As they are usually used in companies, they are set up to give an employee fast and easy access to a system that contains critical data. Token-based systems come in many shapes and forms and use different types of codes and passwords, from static passwords generated on the spot all the way to asynchronous passwords that have a time limit.
To make them even more secure, these methods are also combined with additional factors that usually depend on the employee, such as an extra password or a specific PIN known only to the users permitted to access the system.
One downside of such a system appears when the authentication method has to be disabled: the hardware token usually cannot reconnect to the previous system. Tokens are set up at the beginning and, if anything happens, they cannot revert to a previous version.
Pros and cons of different hardware authentication methods