Authentication Reality Check

I was at the IT-SA conference in Nuremberg, Germany, this past week. The participants of the conference almost unanimously agreed that we need to stop the dependence on passwords in Internet e-commerce and other applications.

The previous conferences had many more exhibitors of two-factor authentication products. This year seemed a bit slower in that category.

I believe the reason for that is the difficulty of using and integrating these products into important websites, and the enterprise world is still depending on one-time passwords, for the most part. I think the time has come for most standards in the industry to be worked on to enable websites to easily integrate and choose authentication methods while working together to reduce the dependence on passwords.

It will be important for the industry to provide ways to measure the risks associated with the various authentication methods. Each and every security system has limitations as to how much it can resist attacks, and it will become very important to provide good advice to businesses as to the risk levels and issues associated with difference methods.

Recognized in the industry as the "inventor of SSL," Dr. Taher Elgamal led the SSL efforts at Netscape. He also wrote the SSL patent and promoted SSL as the Internet security standard within standard committees and the industry. Dr. Elgamal invented several industry and government standards in data security and digital signatures area, including the DSS government standard for digital signatures. In addition to serving on numerous corporate advisory boards, Dr. Elgamal is the Chief Security Officer at Axway, a global provider of multi-enterprise solutions and infrastructure. He holds a Ph.D. and M.S. in Computer Science from Stanford University. View more of his blog posts here.