
Pros and Cons of Advanced Authentication Methods

Date Posted - 20th Aug 2013 |  Category - CJIS Security Policy, Common IT Headaches, Newsletter

Pros and Cons of USB Tokens, Proximity Cards and Biometric Methods

Last week we wrote about the different One-Time-PIN options that are typically used with Advanced Authentication (AA). Click here in case you missed it.

This week, we will review three other AA options that don’t use One-Time-PINs.

Picking up right where we left off, we will rate each method based on its affordability, security level and how easy it is to use/administer.

Biometrics

How They Work: From fingerprint scanners to retina readers, biometric methods use parts of our body that are uniquely ours to authenticate our permissions to the server.

Of all the AA methods that we will discuss, biometric ones are the only ones that authenticate based on what the user “is.”

The most common biometric method is attaching a USB fingerprint scanner to the user’s computer.

Cost = High: Despite advances in fingerprint scanning technology, scanners are still expensive, and you would need a scanner for every computer.

So the cost is significantly greater than the nearly no-cost methods described last week.

 

Security = Excellent: With most other AA methods, the second factor device can get stolen from a user and potentially used to log in.

With biometric methods, you remove this possibility altogether.

 

Ease of Use/Administration = Difficult: Fingerprint recognition systems provide the most opportunity for user error.

Are the user’s fingers clean?

Is the scanner clean?

Is the user positioning his/her finger correctly?

Was the original fingerprint scan a good one?

Consistent authentication errors can cause users to become quite frustrated with the system, and administrators even more so when they are constantly resetting the users’ accounts.

There is also maintenance involved with keeping the scanning surfaces clear of smudges and dirt.

 

 

Proximity Cards

How They Work: Proximity cards are just what they sound like: authentication as long as your card is on you.

Users are issued hard plastic proximity cards and can place them in their wallets, on a keychain, etc. Users don’t have to worry about inputting a One-Time-PIN or doing a fingerprint scan.

When the user logs in, the proximity card needs to be placed near a reader that is plugged into the computer.

 

Cost = High: Every computer would need to have a card scanner, and every user needs to have a proximity card.

 

Security = Good: Just like other AA methods based on what the user “has,” proximity cards can be stolen from a user.

But the thief would need to log in using a computer with a card reader, so that adds a bit to the overall security.

 

Ease of Use/Administration = Very Simple for Users, Difficult for Administration: For the user, proximity cards are the fastest way of logging in since he/she doesn’t have to look up and enter a PIN.

On the administration side though, the admin would need to register each user to his/her card as well as to the reader.

In other words, there are two registration steps instead of just one.

 

 

USB Tokens

How They Work: USB tokens are placed into the USB port of any computer and authenticate a user just by being plugged into the system.

It is similar to the proximity card method but without requiring the reader.

 

Cost = Medium to High: You save a little bit since you don’t need to have a reader.

However, you still need to purchase USB tokens for every user.

 

Security = Low: USB tokens can be stolen from a user.

Or even worse, the user may get lazy and just keep the USB token in the computer, thus reverting the system back to a one-factor authentication system.

 

Ease of Use/Administration = Simple for Users, Moderate to Difficult for Admins:

For the user, USB tokens are incredibly easy to use.

But as explained above, the user can slip into the habit of simply leaving the token in the computer.

Preventing this type of behavior could become an administration nightmare.

Furthermore, mobile officers have been reporting that these USB devices break easily.

Thus, you can expect admins to have to replace devices regularly if you get a batch of fragile tokens.

 

 

As you can see, there are many different options to choose from if your agency decides to implement Advanced Authentication.

 

It all comes down to what best fits your agency’s unique environment.

 

–  What kind of budget do you have?

–  How much time does your system administrator have to install and operate the solution?

–  Which method will your field officers like the most?

 

Answering these questions will help you narrow down which solution(s) would be ideal for you.

 


 

We have created an Advanced Authentication solution that gives law enforcement agencies the flexibility to utilize 4 different authentication methods for their officers. Click here to learn more, or call us at 850-656-3338.
