How they work
Certificates are typically used in conjunction with USB tokens or smart cards but can be implemented separately. A certificate is assigned to a user, a token or a particular machine and is read during the authentication process. Certificates are much more secure than they were a few years ago due to better encryption and more robust certificate stores.
Pros and cons
Certificates tend to be a stronger style of authentication, but come at a much higher cost. The infrastructure typically required in an enterprise (servers, hierarchical certificate server domain deployment and personnel) is pricey to set up and maintain. Third-party vendor-managed services help, but this authentication is still more expensive than most others reviewed here.
What to do
Organizations with extremely high security requirements, such as government agencies handling classified information, will want to consider certificates. Today, there are discrete pockets of certificate implementations, but with the increasing deployment of USB tokens and TPM chips, this sector is expected to grow over the next decade to become nearly ubiquitous.
Two-factor
authentication
Requires Membership to View
To gain access to this and all member only content, please provide the following information:
By submitting your registration information to SearchSecurityChannel.com you agree to receive email communications from the TechTarget network of sites, and/or third party content providers that have relationships with TechTarget, based on your topic interests and activity, including updates on new content, event notifications, new site launches and market research surveys. Please verify all information and selections above. You may unsubscribe at any time from one or more of the services you have selected by editing your profile, unsubscribing via email or by contacting us here
- Your use of SearchSecurityChannel.com is governed by our Terms of Use
- We designed our Privacy Policy to provide you with important disclosures about how we collect and use your registration and other information. We encourage you to read the Privacy Policy, and to use it to help make informed decisions.
- If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States.
options
Tokens
Smart cards
Biometrics
Safe mode: Danger zone
 |
|
|
|
|
|
About the author
Tom Bowers is the Security Director of Net4NZIX, an independent think tank and industry analyst
group, as well as a technical editor for Information Security magazine. Bowers, who holds
the CISSP, PMP and Certified Ethical Hacker certifications, is a well known expert on the topics of
data leakage prevention, global enterprise information security architecture and ethical hacking.
He is also the president of the Philadelphia chapter of Infragard, the second largest chapter in
the country with more than 600 members.
This article originally appeared in Information Security magazine.
This was first published in November 2006