Definition - What does Strong Authentication mean?
Strong authentication combines at least two authentication factors of different types to improve the security of identity verification.
Passwords alone do not provide an adequate level of security for systems that store or process data elements classified as restricted.
Although passwords are intuitive, they are exposed to a multitude of attacks and weaknesses such as impersonation, guessing, observation, snooping, borrowing, and dictionary attacks. Strong authentication techniques are therefore required to minimize the risk to these high-value systems. Requiring two authentication factors of distinct types instead of one provides a higher level of authentication assurance.
A standard example of strong authentication is the use of a credit card (something the user has) together with a PIN code (something the user knows).
IT security practice adheres to the authentication levels laid out in the NIST 800-63 standard. The NIST 800-63 standard specifies four different authentication levels, with Level 1 constituting the lowest security level and Level 4 the highest.
Level 3 authentication is required when accessing restricted data other than one's own. The Level 3 standard requires more than ordinary usernames and passwords: it requires strong, or two-factor, authentication. In two-factor authentication, a user presents a token (something the user has) and enters a password (something the user knows). Additionally, the application must be able to verify both the token and the password before granting access to the restricted data.
Some common methods used in strong authentication are:
Computer recognition software: Users can use their computer as a second authentication factor by installing an authentication software plugin. This plugin includes a cryptographic device marker, which is then validated as the second factor during the authentication process.
Biometrics: Using biometrics as the second factor involves verifying physical characteristics such as fingerprints or retinal images with the help of a dedicated hardware device.
E-mail or SMS one-time password (OTP): Using SMS or e-mail OTP as a second factor involves sending a one-time password to a registered mobile number or e-mail address. The user then submits this OTP along with their standard password to complete authentication.
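The two-factor check described above (password as something the user knows, a delivered OTP as something the user has), as an added illustration that is not part of the original page: the server verifies the salted password hash and a single-use, time-limited OTP, and grants access only when both factors succeed. The in-memory dictionaries standing in for a user database and an OTP table are assumptions made for the example, and `issue_otp` returns the code only so the example runs offline instead of sending it by SMS or e-mail.

```python
import hashlib
import hmac
import os
import secrets
import time

# Constructed in-memory stores (assumption): username -> (salt, hash), username -> (code, expiry).
USERS = {}
PENDING_OTPS = {}
PBKDF2_ROUNDS = 200_000

def register(username, password):
    """Store a salted PBKDF2 hash; the plaintext password is never kept."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    USERS[username] = (salt, digest)

def check_password(username, password):
    """First factor (something the user knows): constant-time hash comparison."""
    rec = USERS.get(username)
    if rec is None:
        return False
    salt, digest = rec
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)

def issue_otp(username, now=None, ttl=300):
    """Generate a 6-digit OTP valid for ttl seconds; in production it is sent to the registered device."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"
    PENDING_OTPS[username] = (code, now + ttl)
    return code

def check_otp(username, code, now=None):
    """Second factor (something the user has): single use, must not be expired."""
    now = time.time() if now is None else now
    rec = PENDING_OTPS.pop(username, None)  # consumed on any attempt, so it cannot be replayed
    if rec is None:
        return False
    expected, expires = rec
    return now <= expires and hmac.compare_digest(expected, code)

def authenticate(username, password, code, now=None):
    """Access is granted only when both factors verify; both are always evaluated."""
    password_ok = check_password(username, password)
    otp_ok = check_otp(username, code, now)
    return password_ok and otp_ok
```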