
Beyond the password


The year 2013 has been marked as the year in which the password starts to disappear. The big internet players are making up their minds and introducing multifactor authentication methods. Led by Google, others are following quickly. The second factor is very often implemented through an SMS service.

How does it work then?
Multifactor authentication draws on three factors:

  • what you know
  • what you have
  • what you are

Using them together, the resulting combination of multiple factors is stronger than the sum of each. For example, using a traditional password together with a One Time Password through SMS relies on two factors: first you need to prove knowledge, and second you prove that you are in possession of the mobile phone that a One Time Password was sent to.
The fact that somebody stole your password is not going to compromise your account, as your mobile phone is also needed to sign in. On the other hand, losing your phone is also not going to compromise your account, because without the password nobody can sign in either.
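
The password-plus-SMS flow described above, as an added Python sketch that is not code from the original article or from Asimba. The class name, the `send_sms` callback, the five-minute code lifetime and the three-guess limit are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

OTP_TTL = 300      # seconds a texted code stays valid (assumed value)
MAX_ATTEMPTS = 3   # wrong codes allowed per challenge (assumed value)

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class TwoFactorLogin:  # hypothetical name
    def __init__(self, send_sms):
        self.users = {}     # name -> (salt, password hash, phone)
        self.pending = {}   # name -> [code digest, expiry, attempts left]
        self.send_sms = send_sms  # assumed callback: send_sms(phone, code)

    def enroll(self, name, password, phone):
        salt = secrets.token_bytes(16)
        self.users[name] = (salt, _pw_hash(password, salt), phone)

    def start(self, name, password, now=None):
        """Factor 1, what you know: check the password, then text a code."""
        now = time.time() if now is None else now
        user = self.users.get(name)
        if user is None:
            return False
        salt, stored, phone = user
        if not hmac.compare_digest(stored, _pw_hash(password, salt)):
            return False
        code = f"{secrets.randbelow(10**6):06d}"
        digest = hashlib.sha256(code.encode()).digest()
        self.pending[name] = [digest, now + OTP_TTL, MAX_ATTEMPTS]
        self.send_sms(phone, code)
        return True

    def finish(self, name, code, now=None):
        """Factor 2, what you have: the code sent to the phone."""
        now = time.time() if now is None else now
        entry = self.pending.get(name)
        if entry is None:           # password step never passed
            return False
        digest, expiry, _ = entry
        if now > expiry:
            del self.pending[name]
            return False
        if hmac.compare_digest(digest, hashlib.sha256(code.encode()).digest()):
            del self.pending[name]  # single use
            return True
        entry[2] -= 1
        if entry[2] <= 0:           # too many guesses: discard the challenge
            del self.pending[name]
        return False
```

A sign-in succeeds only when `start` and then `finish` both return `True`: a phone without the password never receives a code, and a password without the phone leaves only a few guesses at a short-lived six-digit code.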

There are of course multiple ways to implement authentication for any factor, such as using certificates on a secure device to prove that you are in possession of that device. Biometrics are typically used to prove what you are, and a random security question could add to the "what you know" factor.

Can I implement it for my organization?
The multifactor authentication concept can be deployed anywhere. If you have thought about Identity Management, it is an extension to the authentication step of the identification process, and as such, it is an isolated problem to solve. There are multiple platforms that can offer solutions for authentication, of which open source Asimba is one. If you need help figuring out how Asimba can be used to implement multifactor authentication, please visit www.asimba.org or the technical repository and blogs at www.sourceforge.net/p/asimba.

For commercial support, you can contact Cozmanova.