Strong authentication for security-critical applications in public authorities and companies
The many, and unfortunately successful, hacker attacks of recent years have shown that protecting data and communication with a user name and password is not sufficient. Even advanced procedures that require the additional entry of a transaction number do not raise security to a high level. Instead, strong authentication is required, especially for security-critical applications in public authorities and companies.
Truly strong authentication is based on using at least two of the elements “knowledge”, “possession” and “physical characteristic”. It should consist of:
- something that only the user knows, such as a password,
- something that only the user has, e.g. a chip card or a digital certificate,
- and/or something the user inherently possesses, e.g. a fingerprint.
From cryptovision’s point of view, protection with a smart card and digital certificate is currently the only genuinely strong form of authentication. It works with two factors (possession and knowledge) and is further strengthened by the creation process (generation of the private key) and the storage method (only on the smart card).