Authentication

Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be. In private and public computer networks (including the Internet), authentication is commonly done through the use of logon passwords. Knowledge of the password alone is often assumed to guarantee that the user is authentic.

The weakness in this system is that passwords can often be stolen, accidentally revealed, or in many cases, guessed or determined by trial and error. Where passwords are used for protecting access to private systems or where large sums of money are concerned, this level of verifying identity is simply not enough.

For this reason, Internet business and many other transactions require a more stringent authentication process. Commonly this employs the concept of something you have combined with something you know. A typical example is that of a bank cash machine: to authenticate, you have to present both your card and your PIN before you can withdraw cash or view sensitive data.

In a similar fashion, this two-factor authentication can be applied to IT systems through the use of dynamically created 'keys' that change regularly. Users can be given small hardware devices or software for mobile phones and PDAs to generate these random keys. Instead of simply entering a password (something you know), the user combines the generated key (something you have) with the password. This leverages existing password systems that may already be in place but reduces the risks associated with static passwords.
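The combination described above can be sketched as follows. This is an added example, not code from the page or from any product it describes. It assumes the changing key is a time-based one-time code (RFC 6238), that the user types the password immediately followed by the code, and that the existing password store uses PBKDF2; the function and constant names are hypothetical.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 code (HMAC-SHA1) for the time step that contains `now`."""
    counter = struct.pack(">Q", now // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    """Stand-in for the existing password store (assumed PBKDF2-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def verify_login(entry: str, stored_hash: bytes, salt: bytes, secret: bytes,
                 now: int, window: int = 1, step: int = 30, digits: int = 6) -> bool:
    """`entry` is the password immediately followed by the current code."""
    password, code = entry[:-digits], entry[-digits:]
    # Something you know: checked against the existing hash in constant time.
    pw_ok = hmac.compare_digest(hash_password(password, salt), stored_hash)
    # Something you have: accept +/- `window` steps to absorb clock drift.
    code_ok = False
    for drift in range(-window, window + 1):
        t = now + drift * step
        if t >= 0:
            candidate = totp(secret, t, step, digits)
            code_ok |= hmac.compare_digest(candidate.encode(), code.encode())
    return pw_ok and code_ok

# Constructed sample data: RFC 6238 test secret, made-up salt and password.
SECRET = b"12345678901234567890"
SALT = b"constructed-salt"
STORED = hash_password("correct horse", SALT)

if __name__ == "__main__":
    now = 1111111111
    fresh = "correct horse" + totp(SECRET, now)
    print(verify_login(fresh, STORED, SALT, SECRET, now))            # valid pair
    print(verify_login("correct horse", STORED, SALT, SECRET, now))  # password only
```

A production verifier would also record the last accepted time step per user and refuse a code that has already been used, so that a captured password-plus-code pair cannot be replayed inside the drift window.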