Strong authentication usually refers to something more robust than a user ID/password pair. This can be a user ID and a biometric, a smart card and a password, or some other combination of authentication factors. Strong authentication therefore has the potential to reduce user convenience and increase costs in the name of increased security. Costs are driven not only by the management of authentication factors or credentials but also by the hardware required to read the factors and by the software, called an authenticator, required to perform the strong authentication function.
Sophisticated organizations have identity and access management (IAM) systems that offer very granular authentication policies where levels of authentication strength can be assigned to a specific digital identity and enterprise asset combination. For example, a doctor prescribing a controlled substance must use two-factor authentication whereas the same doctor accessing a medical record may only be required to provide a user ID/password pair. This concept is called graded authentication: the right level of authentication certainty applied at the right time for each user.
An ideal authenticator supports a variety of authentication factors and delivers the right balance of convenience and security in a cost-effective manner at each point of access for each person–asset combination. This authenticator must reliably implement the authentication policy, be responsive to contextual information such as the time and location of the last authentication, provide a means to enforce a dynamic level of authentication certainty at each point of access, and provide a means to authenticate transactions rather than simply manage login events at endpoints.
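A sketch of how a graded authentication policy with contextual step-up could be evaluated per transaction. This is an added example, not code from Lumidigm or any IAM product; the policy table, factor names, 15-minute freshness window and location strings are all assumptions chosen to mirror the doctor example above.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed policy table: (role, action) -> minimum number of distinct factor kinds.
POLICY = {
    ("doctor", "prescribe_controlled_substance"): 2,
    ("doctor", "read_medical_record"): 1,
}
DEFAULT_REQUIRED = 2                      # unlisted combinations fail closed
MAX_AUTH_AGE = timedelta(minutes=15)      # assumed freshness window

# Factor categories, so that password + PIN does not count as two factors.
FACTOR_KIND = {"password": "knowledge", "pin": "knowledge",
               "smart_card": "possession", "fingerprint": "inherence"}

@dataclass
class Session:
    role: str
    factors: frozenset        # names of factors verified so far
    last_auth: datetime       # time of last authentication
    last_location: str        # location of last authentication

def distinct_factor_kinds(factors):
    """Collapse verified factors into their categories; unknown names are ignored."""
    return {FACTOR_KIND[f] for f in factors if f in FACTOR_KIND}

def evaluate(session, action, now, location):
    """Decide per transaction: ('allow', None) or ('step_up', reason)."""
    required = POLICY.get((session.role, action), DEFAULT_REQUIRED)
    have = len(distinct_factor_kinds(session.factors))
    if have < required:
        return ("step_up", f"need {required} factor kinds, have {have}")
    # Context is only enforced for the higher-assurance transactions, so
    # routine access keeps its convenience.
    if required >= 2:
        if now - session.last_auth > MAX_AUTH_AGE:
            return ("step_up", "last authentication too old")
        if location != session.last_location:
            return ("step_up", "location changed since last authentication")
    return ("allow", None)
```

The decision is made for each action rather than once at login, so the same session can read a record freely and still be challenged when it attempts a prescription.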
Biometric authentication can be very convenient and very secure — but it is not the appropriate choice for all transactions. This can be said for other strong authentication methods as well. If you simply apply the strongest authentication method to all transactions, you achieve the right level of authentication security for a small set of critical situations at the expense of higher cost and lower convenience for the majority of situations. Thus, a combination of methods, available at each endpoint and executed consistent with authentication policies, provides a means to increase convenience without undermining security.
Lumidigm offers many authentication methods from biometrics to copy-protected barcodes operating on trusted devices over a secure channel. Along with partners, Lumidigm delivers a complete set of authentication methods packaged in systems that deliver the promise of strong authentication at a low cost with a great user experience.