In our most recent blog post on RapidIdentity 3.5, we announced the new authentication methods available to our customers. Each of these authentication methods fall under the three standard types of authentication required of users: something the user knows, something they have, or something that they are. In announcing these new authentication methods, we’re supporting our larger multi-factor authentication vision and the ability for users to utilize the authentication methods that work best for them rather than simply having passwords forced on them.
To expand on the announcement from last week, here’s deeper information on all the authentication methods we now have available to users, or will have available in the very near future.
Something You Know (Knowledge) Methods:
Password: While we don’t want to force passwords on everyone, the password is still a valid authentication method. For increased security, passwords can be controlled by extremely granular password policies.
Challenge Response: What street did you grow up on? What is your mother’s maiden name? Where did you meet your spouse? These are all examples of Challenge Response questions that could be used for an authentication method.
Kerberos Method: Also known as the Samba Method, this is an easy method for users because it doesn’t require an action from them. If they’re on the corporate network, they will SSO into RapidIdentity automatically. Behind the scenes, RapidIdentity grabs the Kerberos token or ticket from the client device and uses that to identify the user. This is much different from other methods where you must provide a username and then the system challenges you for each method, such as Passwords, Challenge Responses and One-time Passwords.
3rd Party Social Media Methods (Future Release): This method of authentication has been popularized over the last few years, and for many websites has become a method of shortcutting the account registration and login process.
Pictograph (Future Release): Rather than typing in a password, the user can select his or her assigned image from a list. This is a useful authentication method, especially for younger children or otherwise impaired end users.
Something You Have (Possession) Methods:
Time-based One-Time Password (TOTP): We support Google Authenticator as a Time-based One-Time Password. This is different than SMS One-Time Passwords which send a code via a text message. With TOTP, you have a software or hardware token that generates a new One-Time Password every minute.
SMS One-Time Password: Unlike static passwords which remain the same over login sessions, SMS one-time passwords issue a user a new password sent to your mobile phone for each of their login sessions. So while the password could be considered ‘something you know’, it’s really more ‘something you have’ since it’s housed in your mobile phone.
Geolocation: Geolocation uses location information to determine the whereabouts of the user when they are logging into their account. This method can be used to identify suspicious login activity taking place outside of a user’s typical geographical area and potentially stop malicious account entry.
Bluetooth Proximity: Bluetooth proximity logins only permit users to login to a network when their bluetooth device is within range of the bluetooth source. This is a convenient way to pre-determine which devices are permitted to access the network.
Something You Are (Inherence) Methods:
Fingerprint Scan: With the commercial incorporation of fingerprint scanners into devices such as the iPhone, fingerprint scans are some of the most well-known alternatives to traditional keystroke logins. Fingerprint scans are one element of the overarching umbrella of biometric logins, which use unique physical traits to grant access to information.
Facial Recognition: As one of the most complex biometric authentication methods, facial recognition currently has limited instances of application in information security. Early adopters of this security technology include banks and credit card companies with “selfie” logins.
Remember, by combining two or more of these authentication methods and using an overarching multi-factor authentication system, organizations can add an extra layer of security that can help deter even the most ambitious cybercriminals. With RapidIdentity’s latest release, you are not only able to add these extra layers of security to your organization's networks, but also seamlessly integrate them from a single platform. To learn more about RapidIdentity 3.5, click here.