The Most Common Authentication Methods Used Today

The issue for network admins is that they are playing a continuous state of "catch-up," as newer exploits are developed by highly sophisticated cyber gangs in order to keep their profitable fraud rings going as soon as earlier exploits are patched. Smart phones and tablets present an even greater challenge, as most of these devices lack the same malware defenses as their more robust cousins, desktops and laptops.

All of this has led many businesses to shift to more robust authentication and authorization schemes, such as:

Transaction Authentication
Simply put, transaction authentication looks for logical flaws when comparing known data about a user with the details of the current transaction. For example, if a user that lives in the U.S. purchases several big ticket items while logged in from an IP address determined to be from a foreign country, this is cause for concern and would require extra verification steps to ensure the purchase is not fraudulent.

Biometrics
Biometrics literally means "measuring life," and refers to the use of known and recorded physical traits of a user to authenticate their identity, as no two individuals share the same exact physical traits. Common schemes include:

1. Voice recognition
2. Fingerprints
3. Face scanning and recognition
Eyeprints, such as retina and iris scans
The issue with biometrics is that, apart from voice recognition, which can be performed using a normal cell phone, they require the use of specialized scanners, making them inconvenient for an industry such as e-commerce.

Tokens:
Tokens are physical devices that are used to access secure systems. They can be in the form of a card, dongle, or RFID chip. One common token used in authentication schemes today is the RSA secureID token, which provides an OTP (one time password) on its LED screen which users must input along with their normal username/password to access a network.

Tokens make it harder for a hacker to access an account, as they must possess not only the login credentials, which can easily be gotten with a keylogger, but also the much harder-to-obtain physical device in order to gain access.

Multi-Factor Authentication
MFA is really a blanket term that describes an authentication scheme that uses two or more independent sources to verify an identity, like:

1. Something possessed, as in a physical               token or telephone
2. Something known, such as a password or mother's maiden name
3. Something inherent, like a biometric trait mentioned earlier
A classic example of multifactor authentication would be an ATM machine, which requires something possessed (the debit card) with something known (the PIN number) to authorize a transaction.

Out-of-band authentication:
OOB uses a completely separate channel, such as a mobile device, to authenticate a transaction originated from a computer. Any transaction that crosses a threshold, such as a large money transfer, would trigger a phone call, text, or notification on a specialized app that further authorization is needed for a transaction to go through. Requiring two channels makes it quite difficult for a hacker to steal money, as they would need to compromise two separate systems (cell phone and computer) in order to pull off a heist.

The increase in cybercrime necessitates an increase in security measures. Fortunately, the above authentication methods make it much harder for a criminal gang to exploit their targets, which will hopefully save millions per year in lost revenue and productivity.