Mobile Authentication:

26 February 2010 00:00 am

Protecting information as it travels. What are the ideas behind Mobile Authentication?

Authentication is the process of maintaining an identity and producing it at any given point in time. It is the easiest known way to determine whether someone or something is actually who or what it is declared to be. In the world of computing, authentication is achieved through the use of a username and password. Remember logging in to your favorite social networking site?

The use of authentication and the knowledge of a password guarantee that the user is genuine. The future of computing is mobile: the use of handheld devices is rapidly expanding within the workplace. Usernames and passwords help enhance productivity but also carry a new security risk by virtue of the information they can contain or access remotely. User authentication again serves as the first line of defense against unattended, lost or stolen mobile devices.

Ways of authentication

There are numerous ways to secure information travelling via mobile devices. IT giant Microsoft broadly categorizes authentication for Exchange Servers into Basic, Certificate-Based and Token-Based authentication methods.

Basic authentication simply requires the client to submit a username and password, which travel over the internet (preferably through Secure Sockets Layer (SSL)) to the server and get authenticated. Certificate-based authentication uses certificates in addition to usernames and passwords. Certificates constitute a private key from the user and a public key that is installed on the server. Token-based authentication is more complicated still, and is made more secure by introducing a unique number that is momentarily assigned to the user for authentication. This is in addition to the username and password that the client must provide to get access. Typically, a security device provided by your banking vendor for your online account access falls into this category.

Holistic View:
User identity theft is running rampant these days. Through the minute details that you enter while registering on a website, or the details you provide when you are promised that you have won a lottery or some other prize, your information ends up in the hands of those who may attempt to misuse it. A user ID and password seem somewhat inadequate for fighting the fire here, and the world is shifting to three-factor authentication methods: what we know (user ID and password), something that we have (such as a smart card) and something that we are (fingerprint). Depending on the criticality of the information being accessed, they are used either alone or in combination with each other (two-factor or multifactor authentication).

Two-Factor Authentication: Building on what we read above, two-factor authentication is the combination of more than one way to authenticate a user. The token-based authentication that we saw above is an example of a two-factor authentication method. The strategy behind this method is to use what we know and what we have, say a password and the certificates or tokens that we or our devices may possess. This drastically reduces internet-based scams, as the password alone is no longer sufficient to authenticate a user's identity.

Three-Factor Authentication: Taking authentication to the next level, the user ID and password and the certificate/token mechanism are combined with biometric details, which may be anything from scanned fingerprints to voice prints. This strategy uses more than one way to authenticate and ensures robust security.

Market Trend:
It started somewhere in 2007, when financial institutions were seeking to expand their online and mobile banking offerings to their entire customer base. They had to struggle with basic challenges that were no longer a secret: cost of implementation, complications in deployment and inconvenience in customer adoption. They trusted Out-Of-Band (OOB) authentication, where the user was authenticated online via an SMS sent to the registered mobile.

2008 witnessed mobile operators, banks and vendors teaming up for SIM card-based security. Undoubtedly, as the human race's dependency on digital assets increases, the urge for more secure and authentic ways of access will increase.

In February 2009, Valimo, the global market leader in mobile ID solutions, introduced mobile authentication for OpenID, eliminating the requirement for different usernames and passwords for different websites. Soon after this launch, in September the same year, Gemalto, world leader in digital security (French smart card maker), signed a global reseller agreement with the company, and yesterday, February 4, 2010, witnessed the acquisition of Valimo (mobile device authentication leader) by Gemalto (global leader in digital security). Needless to say, the market has gained momentum now and the world is all set to invest more and more to secure as much data as possible.

With global leaders like CRYPTOCard, Verisign, Gemalto and Entrust adopting technologies like Grid Card, contact smart card, USB token with OTP generator, Public Key Infrastructure (PKI) et al., it is not difficult to predict the shift in the criticality of identity management and the enhancement of authentication methodology in the digital world. The world seems full of encroachers, and warriors are all set to gear up to fight against the foul play!

