Strength of authentication
Friday, August 17, 2007, 10:09
Authentication strength is a somewhat subjective question. For many of the approaches that we will discuss, strength comes partly from the details of the cryptographic algorithms and key lengths used, but it also depends on overall system design and implementation and on the realities of user behavior, which can often be the source of the largest number of vulnerabilities. Some level of reason is called for here: most of the resources being access controlled, while certainly valuable assets, do not represent imminent dangers to public safety or national security if access control is breached. An access management system needs to be complemented by monitoring and other controls on the part of the resource operator to limit the impact of a breach. Further, there are after-the-fact legal remedies that can be applied to limit the damage caused by such a breach.
The cryptographic technology underlying many access management systems is legally sensitive with respect to international export and import, and may also be constrained by various national laws (though within the US, cryptographic technology can be employed freely, at least today). This is important for several reasons: resource access may cross national boundaries, and members of an institution’s user community may need to access networked information resources when traveling outside their home nation. We will see international resource sharing consortia, and also see institutions in one nation licensing access to resources in other nations.