Hacking of websites and stolen passwords continue to plague people conducting business on the internet. Most enterprise networks, e-commerce sites and online communities require only a user name and static password for logon and access to personal and sensitive data. This may be convenient, but it is not secure, because online identity theft – phishing, keyboard logging, man-in-the-middle attacks and other methods – continues to grow at unsurpassed rates.
Strong authentication systems address the limitations of static passwords by incorporating an additional security credential, for example, a temporary one-time password (OTP), to protect network access and end-users’ digital identities. This adds an extra level of protection and makes it extremely difficult to gain unauthorized access to information, networks or online accounts.
One-time passwords can be generated in several ways, and each one has trade-offs in terms of security, convenience, cost and accuracy. Simple methods such as transaction number lists and grid cards can provide a set of one-time passwords. These methods offer low investment costs but are slow, difficult to maintain, easy to replicate and share, and require users to keep track of where they are in the list of passwords.
A more convenient option for users is an OTP token, a hardware device capable of generating one-time passwords. Some of these devices are PIN-protected, offering an additional level of security. The user enters the one-time password with other identity credentials (typically user name and password) and an authentication server validates the logon request. Although this is a proven solution for enterprise applications, the deployment cost can make the solution expensive for consumer applications. Because the token must use the same method as the server, a separate token is required for each server logon, so users need a separate token for each Web site or network they use.
The difficulty with these methods comes down to cost: while they are more secure than simple passwords, the cost to financial institutions and enterprises is still very high and keeps many small organizations from implementing them.
The Initiative for Open Authentication was created to bring an open source approach to strong authentication. The organization has developed a number of algorithms which have been approved as standards by the IETF and are available for any organization to download. LSExperts has taken these algorithms and provides them freely on a server. This free download reduces the cost of authentication significantly and allows any organization to implement strong authentication. No longer do companies need to pay high amounts to authenticate their employees and customers. This is a revolutionary move in the authentication space and is receiving a high level of acceptance in the marketplace.