Making Sense of your Authentication Options

When it comes to authentication, e-business planners and implementers are faced with a bewildering array of options. Alternatives include the traditional user name and password, various ‘two factor’ authentication tokens, digital certificates and public key infrastructure (PKI), smartcards, and an ever-growing range of biometric methods. In the light touch regulatory environment of the US, the European Union, Australia and elsewhere, the onus is on electronic service providers to select and implement authentication technologies that are fit for purpose. A risk analysis should be performed on the types of transactions to be undertaken, and authentication measures agreed upon that are commensurate with the potential for fraud, impersonation and identity theft. But where does one start such an analysis in practice?

This article surveys the major authentication methods available to e-business implementers today, and characterises their qualities and relative strengths. There is no one-size-fits-all authentication solution, and the paper aims to provide practical guidance in support of the specific risk assessments that will be needed case-by-case.