Improving Authentication Guesswork

I was reading Gunnar Peterson’s article on darkReading recently about authentication and authorization and he concludes with the idea that we should focus more on authorization while improving the guess work associated with authentication. As Gunnar points out there are more authentication contexts these days that it’s impossible to support them all. Nervepoint Access Manager (NAM) provides a healthy array of authentication contexts, PIN, Passphrase, One Time Password, Password and all of these are complemented by bot aversion through captcha and access control through IP restrictions.

PIN authentication

As Gunnar says authentication is a mystery, “We try to stitch together some details and guess whether the person on the other end of the http connection matches the record in the user directory” and that we should improve, “the quality of guesses“. It’s great to see that NAM does just that through the use of authentication flows.

Authentication flow

Improving guesses is to increase the number of authentication steps an end user needs to go through. Using simple drag and drop you can take any authentication context from the list and move them into the authentication flow and order them to your hearts content. The more steps an end user needs to authenticate the more likely the right user is accessing the system.

The great thing about this that others struggle with is that NAM enables this across all parts of the system. You can configure independent authentication flows for each end-user component: password reset, account unlock, end user’s home page and even the administration portal – but it doesn’t end there. Authentication flows can be managed across all the access points too: the web-portal, the desktop MSI app and even the Nervepoint Access Manager mobile app for remote self service.

Authentication UI

However, ‘with great power comes great responsibility‘ increased authentication flows with multi-factor authentication does improve security and improves ‘guess work‘ as Gunnar puts it but it also impacts end-user experience. So this is a balancing act and NAM provides you with all the configuration options necessary to find that balance.
LogonBox Password Self Service

Like that? Check these out: