How they work
Certificates are typically used in conjunction with USB tokens or smart cards but can be
implemented separately. A certificate is assigned to a user, a token or a particular machine and is
read during the authentication process. Certificates are much more secure than they were a few years
ago due to better encryption and more robust certificate stores.
Pros and cons
Certificates tend to be a stronger style of authentication, but come at a much higher cost. The infrastructure typically required in an enterprise
(servers, hierarchical certificate server domain deployment and personnel) is pricey to set up and
maintain. Third-party vendor-managed services help, but this authentication is still more expensive
than most others reviewed here.
What to do
Organizations with extremely high security requirements, such as government agencies handling
classified information, will want to consider certificates. Today, there are discrete pockets of
certificate implementations, but with the increasing deployment of USB tokens and TPM chips, this
sector is expected to grow over the next decade to become nearly ubiquitous.
Two-factor authentication options
Tokens
Smart cards
Biometrics
Certificates
Safe mode: Danger zone
About the author
Tom Bowers is the Security Director of Net4NZIX, an independent think tank and industry analyst group,
as well as a technical editor for Information Security magazine. Bowers, who holds the CISSP,
PMP and Certified Ethical Hacker certifications, is a well known expert on the topics of data leakage
prevention, global enterprise information security architecture and ethical hacking. He is also the
president of the Philadelphia chapter of Infragard, the second largest chapter in the country with
more than 600 members.
This article originally appeared in Information Security magazine.
