an out-of-band signaling strategy for users when they log in. The user enters a username and password (something they know), and then your system calls their phone (something they have) to have them enter a pin. That way, for someone to impersonate a user, they would have to know the user’s username and password, and also have the user’s mobile phone. This is a very economical way to increase password strength – especially if your organization’s culture dictates using simple passwords.

Other options include having the users carry secure USB tokens that plug into their computer much the way a user would start their car with a car key. Examples include www.aladdin.com/etoken and www.everythingusb.com/guard_id_vault.html.

Additionally you could choose to use a RSA SecurID www.rsasecurity.com device, a biometric fingerprint reader, or SmartCard two factor authentication device.

Another interesting product is the iTag from www.encentuate.com that lets you stick a tag on whatever your users carry with them now. An id badge, their mobile phone, etc. This product provides single sign-on features many organizations crave. For example, single sign-on allows users to log into more than one operating system in just one step.

The post Answers to the trouble with passwords appeared first on Foster Institute.