- There are also other forms of authentication aside from passwords that utilise what is known as “zero login”
- This aims to remove or reduce the need for the user to manually input their details, relying instead on the system to verify the user's credentials automatically
- One such type is known as biometrics where the user's fingerprints or facial features are scanned to provide unique biometric information to authenticate the user's details.
- Newer methods of zero login types of authentication include the use of networks, location, device data and human behavioural patterns to recognise users automatically.
- Although these methods offer many advantages there are some concerns that need to be taken into consideration. They include:
- What personal data is being collected?
- Is the collected data being kept securely?
- Will it log in and out at the correct times?
Magnetic Stripe Cards
- Magnetic stripe cards are a form of card that stores the user’s data on a magnetic strip usually on the reverse side
- The user scans the card through a reader where the details stored on the card are compared to the details stored within the system. If the data from the card matches the data that is stored on the system, the user is authenticated and granted access
- The advantages of using magnetic stripe cards include:
- Widely used and accepted
- Cheap
- Simple to use
- A single card can serve multiple purposes within an organisation such as doors, purchasing food from canteens and accessing IT equipment
- Disadvantages to magnetic stripe cards include:
- Some cards use a holographic or photographic ID to detect forged or stolen copies
- The card may need to be scanned multiple times before the user is accepted and authenticated
- Cards can become damaged or wear out over time (especially with constant use)
- Cards can be easily cloned
Smart Cards
- Smart Cards are cards that contain a chip and can be used contactlessly
- The card does not need to be inserted or swiped through a machine and can be detected from a short distance away
- Personal identification information can be stored on the card such as name, address, date of birth and/or banking information
- The information on the card is encrypted which means it can only be read by authorised devices
- Often the card will require a personal identification number (PIN) which is needed to access the information, providing an additional layer of security
- Advantages of smart cards include:
- Durable
- Used for a wide range of applications (payments, access control, storing personal data)
- Enhanced security (Compared to standard cards)
- Disadvantages of smart cards include:
- Risk of loss
- Initial Infrastructure requirements
- More expensive compared to traditional cards
Physical Tokens
- A Physical Token enables authentication with the use of a small physical device
- To access a system that uses a physical token, a user will enter their username and password into the system, and then enter the security code generated by the token
- The physical token can be directly connected to the device that the user is trying to access, or the physical token will generate a one time password (OTP) which is then entered into the system manually
- To obtain a one time password (OTP) the user will enter their personal identification number (PIN) and any other authentication requirements into the physical token device. If all requirements are satisfied then an internal clock will be used to generate the one time password (OTP) which is displayed on its screen
- To enhance security, the one time password (OTP) changes frequently and each code will only be valid for a short period of time (usually within 1 minute)
- Advantages of physical tokens include:
- Offline authentication
- Portable
- Disadvantages of physical tokens include:
- Cost
- Loss or theft of the physical token
- Physical dependence
There are two types of physical token:
- Disconnected physical token
- When using a disconnected physical token, a separate device is used to generate the one time password (OTP) which the user will then enter into the system manually
- Connected physical token
- When using a connected physical token, the one time password (OTP) is generated and passed to the system automatically through a physical connection and does not require the user to enter the password manually
Electronic tokens
- Electronic Tokens are a form of application software that is installed on a user's device (usually a smartphone) to allow them to authenticate their details and access a secure website
- A user must download and register the electronic token software app prior to accessing the secure website
- As the website prompts for authentication, the user will open the app that will provide a one time passcode (OTP) which will be entered into an entry box on the website along with other forms of authentication such as a username and personal identification number (PIN)
- Both the web server and the smartphone application have synchronised clocks which will generate identical numbers and should the authentication details match, the user will be granted access to the website
- The above explanation is just one method of authentication when using electronic tokens. Another method is as follows:
- The website will prompt the user for their username and password
- Once the credentials are accepted, the website will generate a code
- The code is then entered into the application software on the user's phone, which will generate another code
- The generated code from the application software is then entered into an entry box on the website
- Should all authentication methods pass successfully, the user is granted access to the website
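The clock-based one time password described for physical and electronic tokens, and the second method where the website issues a code, can both be built from a shared secret and an HMAC. The sketch below is an added example, not code from these notes: the time-based part follows RFC 6238 with the 1-minute validity mentioned above, while the challenge-response scheme, the `Server` class, the drift window and the replay check are illustrative assumptions that go beyond the notes.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60   # each code is valid for about 1 minute, as in the notes
DIGITS = 6
DEMO_SECRET = b"12345678901234567890"  # constructed demo key (RFC 4226 test secret)

def truncate(mac: bytes, digits: int = DIGITS) -> str:
    """RFC 4226 dynamic truncation: turn an HMAC into a short decimal code."""
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def time_code(secret: bytes, unix_time: int) -> str:
    """Clock-based OTP: the token and the server each compute this locally."""
    counter = unix_time // STEP_SECONDS
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    return truncate(mac)

def response_code(secret: bytes, challenge: str) -> str:
    """Second method: the app turns the website's code into a reply code."""
    mac = hmac.new(secret, challenge.encode(), hashlib.sha256).digest()
    return truncate(mac)

class Server:
    """Hypothetical verifier holding the same secret as the user's token."""
    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_counter = -1  # highest time step already accepted

    def verify_time_code(self, code: str, now: int, drift_steps: int = 1) -> bool:
        """Tolerate small clock drift, but never accept a time step twice."""
        current = now // STEP_SECONDS
        for counter in range(current - drift_steps, current + drift_steps + 1):
            expected = time_code(self.secret, counter * STEP_SECONDS)
            if counter > self.last_counter and hmac.compare_digest(expected, code):
                self.last_counter = counter
                return True
        return False

    def verify_response(self, challenge: str, code: str) -> bool:
        """Recompute the reply for the challenge the website issued."""
        return hmac.compare_digest(response_code(self.secret, challenge), code)
```

The secret never leaves the token or the server; only the short code is typed in, and an observed code is useless once its time step has been accepted or has expired.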