Comparison of authentication solutions

Authentication is the act of confirming the truth of an attribute of a single piece of data (a datum) claimed true by an entity. Out of different types of authentication Two-factor authentication is a technology that provides identification of users by means of the combination of two different components. There are number of Two-factor authentication and Multi-factor authentication providers around us. Multi factor authentication products can provide significant benefits to an enterprise, but the technology is complex and the tools themselves can vary greatly from provider to provider.[1]

Legend

The term "Phishing" refers to attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.

"Malware", short for malicious software, is any software used to disrupt computer operations, gather sensitive information, gain access to private computer systems, or display unwanted advertising.

"Password guessing" refers to cracking of password which is the process of recovering passwords illegally from data that have been stored in or transmitted by a computer system.

A "man-in-the-middle attack" (often abbreviated to MITM, MitM, MIM, MiM attack or MITMA) is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other

"Server side data breaking" refers to an incident in which sensitive, protected or confidential data has potentially been viewed, stolen from servers or used by an individual unauthorized to do so.

"shoulder surfing" refers to using direct observation techniques, such as looking over someone's shoulder, to get information. It is commonly used to obtain passwords, PINs, security codes, and similar data.

"OTP interception" refers to that service provider sends the one time password to user's contact(SMS, E-mail, etc) for authentication purpose, but that doesn't reach the user possibly intercepted by fraudulent person.

"Side channel vulnerabilities" allow attackers to infer potentially sensitive information just by observing normal behavior of software system, Attacker is a passive observer[2]

"A Hardware Token" is an Authenticator in the form of a physical object, where the user's interaction with a login system proves that the user physically possesses the object. Proving possession of the Token may involve one of several techniques.[3]

A "software token" is a type of two-factor authentication security device that may be used to authorize the use of computer services. Software tokens are stored on a general-purpose electronic device such as a desktop computer, laptop, PDA, or mobile phone and can be duplicated. This is in contrast to hardware tokens, where the credentials are stored on a dedicated hardware device and therefore cannot be duplicated (absent physical invasion of the device).

TOTP - Time based one time password

EOTP - Event based one time password

"Mutual authentication" or two-way authentication refers to two parties authenticating each other at the same time, being a default mode of authentication in some protocols (IKE, SSH) and optional in others (TLS).

"Biometric authentication" is a type of system that relies on the unique biological characteristics of individuals to verify identity for secure access to electronic systems.

"Scalability" is the capability of a system, network, or process to handle a growing amount of work, or its potential to be enlarged in order to accommodate that growth.

"Transaction Signing" is a term used in internet banking that requires customers to digitally "sign" transactions in order to preserve the authenticity and integrity of the online transaction.

Threat coverage

Provider Phishing Malware Password guessing Man in the middle Re-used password attacks Serverside Database Breaking Shoulder Surfing Theft of Authenticator OTP Interception Channel vulnerabilitiess
Authenticator Plus N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A
Authentify IncYes N/A N/AYes N/A N/A N/A N/A N/A N/A
AuthyYes[4]Yes[4]Yes[5]Yes[5] N/A N/A N/A N/A N/A N/A
Azure Multi-Factor AuthenticationYes[6]Yes[7] N/A N/A N/A N/A N/A N/A N/A N/A
ClefYes[8] N/AYes[8] N/A N/AYes[8] N/AYes N/A N/A
Cognalys Inc N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A
CryptoPhotoYes[9]Yes[9] N/A N/A N/A N/AYes[9] N/A N/A N/A
Duo SecurityYes N/A N/AYes[10] N/A N/A N/A N/A N/A N/A
FreeOTP N/A N/A N/AYes N/A N/A N/A N/A N/A N/A
Google AuthenticatorNo N/A N/A N/A N/A N/A N/A N/A N/A N/A
Latch N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A
LaunchKey N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A
LoginTCYes N/A N/AYes N/A N/A N/A N/A N/A N/A
MePIN N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A
Nexmo N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A
Ping Identity N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A
PortalGuardYes[11] N/A N/AYes[11] N/A N/A N/A N/A N/A N/A
privacyIDEAYes[12] N/AYes N/AYesYes[13] N/A N/A N/A N/A
Protectimus N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A
Rublon N/AYes[14]Yes[14] N/A N/A N/A N/A N/A N/A N/A
SAASPASSYesYes N/AYes N/A N/A N/A N/A N/A N/A
SAT Mobile ID N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A
SecSignYes[15]Yes[15]Yes[15] N/A N/A N/A N/A N/A N/A N/A
SecureAuthYes N/A N/A N/A N/A N/A N/A N/A N/A N/A
SecurePass N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A
SmartSign N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A
Solidpass[16]YesYes N/AYes N/A N/A N/A N/A N/A N/A
SwivelSecureYesYesYesYesYesYesYesYesYesYes
SyferLock GridGuard[17]YesYesYesYesYes N/AYes N/AYesYes
Symantec/Verisign VIP N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A
TeleSignYes[18] N/AYes[18] N/AYes[18] N/A N/A N/A N/A N/A
TextPower N/AYes[19] N/AYes[20] N/A N/A N/A N/A N/A N/A
Token2 N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A
Toopher N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A
Totp.Me N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A
TransaktYes[21]Yes[21]Yes[21]Yes[21] N/A N/A N/A N/A N/A N/A
VASCO Data SecurityYes N/A N/AYes N/A N/A N/A N/A N/A N/A
WWPassYesYes N/AYes N/A N/A N/A N/A N/A N/A
WiKID Systems N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A
YubicoYesYes N/AYes N/A N/A N/A N/A N/A N/A

Transport Methods

Provider SMS Phone Call Email Hardware token Software implementation Recovery method
Authenticator Plus[22]NoNoNoNoYesEmail
Authentify Inc[23]YesYesNoYesYesEmail
Authy[24]YesYesNoYesYesEmail[25]
Azure Multi-Factor Authentication[26]YesYesNoNoYesEmail
Clef[27]NoNoNoNoYesEmail
Cognalys IncNoYesNoNoYesEmail
CryptoPhotoNoNoNoNoYesPaper TAN
Duo SecurityYesYesNoYesYesEmail[25]
FreeOTPNoNoNoNoYesEmail
Google AuthenticatorYesYesNoNoYesPaper TAN[25]
LatchNoNoNoNoYesEmail
LaunchKeyNoNoNoNoYesEmail
LoginTCNoNoNoNoYesEmail
MePINYesNoNoYesYesEmail
NexmoYesYesNoNoNoEmail
Ping IdentityYesYesNoNoYesEmail
PortalGuardNoYesNoNoYesEmail
privacyIDEAYesNoYesYesYesEmail / helpdesk
ProtectimusYesNoYesYesYesEmail
RublonNoNoYesNoYesEmail
SAASPASSNoNoNoNoYesEmail
SAT Mobile IDYesYesNoYesYesEmail
SecSignNoNoNoNoYesEmail
SecureAuthYesYesYesYesYesEmail
SecurePassNoNoNoYesYesEmail
SmartSignNoNoYesNoYesEmail
Solidpass[16]YesNoNoYesYesEmail
SwivelSecureYesYesYesYesYesEmail / helpdesk
SyferLock GridGuardYesNoYesNoYesEmail
Symantec/Verisign VIPYesYesYesYesYesEmail
TeleSignYesYesNoNoYesEmail
TextPowerYesNoNoNoNoEmail
Token2YesNoNoYesYesEmail
ToopherYesNoNoNoYesEmail
Totp.MeNoNoNoNoYesEmail
TransaktNoNoNoNoYesEmail
VASCO Data SecurityYesYesYesYesYesEmail
WWPassNoNoNoYesYesEmail
WiKID SystemsNoNoNoNoYesEmail
YubicoNoNoNoYesYesEmail

Feature Support

Provider TOTP EOTP Mutual authentication PIN protection Biometrics Separate Channel Scalability Transaction Signing Coverage Revocation
Authenticator PlusYes N/A N/AYesYes N/A N/A N/A N/A N/A
Authentify Inc N/A N/A N/A N/A N/AYes N/AYes N/A N/A
AuthyYes N/A N/A N/AYes[28] N/A N/AYes[29] N/A N/A
Azure Multi-Factor Authentication N/A N/A N/A N/AYes N/A N/A N/A N/A N/A
Clef N/A N/A N/A N/AYes N/A N/A N/A N/A N/A
Cognalys Inc N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A
CryptoPhoto N/A N/A N/AYes[30]Yes[30] N/A N/A N/A N/AYes[30]
Duo SecurityYes N/A N/A N/AYes N/A N/A N/A N/A N/A
FreeOTPYes[31] N/A N/A N/A N/A N/A N/A N/A N/A N/A
Google AuthenticatorYes N/A N/A N/A N/A N/A N/A N/A N/A N/A
Latch N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A
LaunchKey N/A N/A N/A N/AYes N/A N/A N/A N/A N/A
LoginTC N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A
MePINYes N/A N/A N/AYes N/A N/A N/A N/A N/A
Nexmo N/A N/A N/A N/A N/A N/AYes[32] N/A N/A N/A
Ping Identity N/A N/A N/A N/AYes[33] N/A N/A N/A N/A N/A
PortalGuardYes[11] N/A N/A N/A N/A N/A N/A N/A N/A N/A
privacyIDEAYesYes N/A N/A N/A N/A N/AYes N/A N/A
ProtectimusYesYes N/A N/A N/A N/A N/A N/A N/A N/A
Rublon N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A
SAASPASSYes N/AYes N/A N/A N/A N/A N/A N/A N/A
SAT Mobile ID N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A
SecSign N/A N/A N/AYes[15] N/A N/A N/A N/A N/A N/A
SecureAuth N/A N/A N/A N/AYes[34] N/A N/A N/A N/A N/A
SecurePass N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A
SmartSign N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A
Solidpass[16]YesYesYes N/AYes N/A N/AYes N/A N/A
SwivelSecureYesYesYesYesYesYesYesYesYesYes
SyferLock GridGuard N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A
Symantec/Verisign VIP N/A N/A N/A N/AYes N/A N/A N/A N/A N/A
TeleSignYes[18] N/A N/A N/A N/A N/A N/A N/A N/A N/A
TextPower N/A N/A N/A N/AYes[35] N/A N/A N/A N/A N/A
Token2Yes[36] N/A N/A N/A N/A N/A N/A N/A N/A N/A
Toopher N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A
Totp.MeYes N/A N/A N/A N/A N/A N/A N/A N/A N/A
TransaktYes[21] N/A N/A N/AYes[21]Yes[21] N/AYes[21] N/A N/A
VASCO Data SecurityYes N/A N/A N/AYes N/A N/A N/A N/A N/A
WWPass N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A
WiKID Systems N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A
YubicoYes N/A N/A N/A N/A N/A N/A N/A N/A N/A

References

  1. "Comparing the top multifactor authentication vendors". November 2014.
  2. "Side Channel Vulnerabilities on the Web - Detection and Prevention" (PDF).
  3. "Definition of Hardware Token".
  4. 1 2 "INTRODUCING AUTHY FOR YOUR PERSONAL COMPUTER".
  5. 1 2 "SECURITY NOTICE: OPENSSH PASSWORDS VULNERABLE".
  6. Larry Seltzer (30 April 2014). "Microsoft Azure is phishing-friendly". Retrieved 27 April 2016.
  7. Yuri Diogenes (22 March 2016). "Microsoft Antimalware for Azure Cloud Services and Virtual Machines". Retrieved 27 April 2016.
  8. 1 2 3 "Clef".
  9. 1 2 3 "CryptoPhoto Features". Retrieved 18 April 2016.
  10. Jon Oberheide (6 June 2014). "Duo Patches for the Latest OpenSSL Vulnerabilities". Retrieved 18 April 2016.
  11. 1 2 3 "Two factor Authentication:Flexible Options" (PDF).
  12. "privacyIDEA:Features".
  13. "HSM Support in privacyIDEA".
  14. 1 2 "Rublon".
  15. 1 2 3 4 "SecSign".
  16. 1 2 3 "Solid Pass".
  17. "GridGuard Overview".
  18. 1 2 3 4 "TeleSign_US_Datasheet_Push_Verify_20161" (PDF). 2016. Retrieved 27 April 2016.
  19. NEIL J. RUBENKING (20 May 2014). ""Hack-Proof" TextKey Turns SMS Authentication on Its Head". Retrieved 1 May 2016.
  20. "TextKey Scores Well in Network World Review of Authentication Solutions".
  21. 1 2 3 4 5 6 7 8 "Build in trust with the Transakt SDK" (PDF).
  22. "Authenticator plus".
  23. "Authentify Two-Factor Authentication".
  24. "Authy: Two-Factor Authentication Made Easy".
  25. 1 2 3 Matthew Prince (28 November 2012). "Choosing a Two-Factor Authentication System". Retrieved 16 April 2016.
  26. "What is Azure Multi-Factor Authentication?".
  27. "Clef Two-Factor Authentication".
  28. "AUTHY two factor authentication". Retrieved 27 April 2016.
  29. Dan Killmer. "AUTHY ONETOUCH: SIMPLY STRONG SECURITY". Retrieved 18 April 2016.
  30. 1 2 3 "Two Factor and Multifactor Authentication by CryptoPhoto". Retrieved 18 April 2016.
  31. "FreeOTP".
  32. "Nexmo".
  33. "PingID Multi-factor Authentication".
  34. "SecureAuth" (PDF).
  35. "GET AN INDUSTRY LEADING MULTI-FACTOR AUTHENTICATION SOLUTION".
  36. "TOKEN2".
This article is issued from Wikipedia - version of the 11/4/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.