There are a number of authentication mechanisms online, all suited for different purposes. We use a token based system to access the network here; which is based on a combination of a number generator and username and password. The number generator is an interesting addition, because it makes use of a principle where you are authenticated based on “something you have” not just “something you know”. The SSL VPN authentication mechanism gives you access to the entire network though, so it has to be reasonably robust.
The reality is that you authentication schemes need to match the asset that they’re protecting, and balance that off against the hassle users need to go through to acquire access. It’s an ongoing debate we have at work, about how tightly systems should be secured or how open they should be. It’s all a matter of risk at the end of the day.
Comment Below ↓
There are no comments yet, be the first!