Martin Kuppinger: Motion in the authentication market

The market had already clearly profited from the intensified compliance requirements and security measures which resulted from the attacks on September 11, 2001. At the same time the scope of available authentication mechanisms has increased considerably due to technical innovations. In addition to classical smart cards and OTP generators (one time password), the latter is available today in credit card format, USB tokens with integrated smart card chips, biometric functions on tokens and many additional variations. Another interesting field is the hardware-free approaches, for example based on soft tokens.

That makes it clear from our viewpoint that the topic of the strong authentication has become a mass theme - even on websites such as eBay and PayPal appropriate options are available.

Due to the growing number of technical approaches, a two-factor-authentication (or an authentication with even more factors) is also increasingly interesting, because with it, many of the classical obstacles also lose importance. Software-based procedures completely avoid the logistical costs for the hardware. They are, however, primarily suited for website access. Cards with a wider functionality - from the authentication on the computer to the physical access control to the payment in the cafeteria - reduce logistical costs, because only one instead of three processes is required for deployment and management. USB tokens avoid the additional Smartcard reader. And mobile systems are also increasingly supported.

Furthermore, the experiences of the market suppliers have increased, precisely in the interaction with heterogeneous technologies. At the same time, suppliers must provide ever more complete offerings and a wide spectrum of options. That is also the reason for the acquisition initiated by Aladdin - Aladdin also gains thereby access to the market for one-time passwords and can thus offer its customers more options.

From our viewpoint it is generally advisable to again place the topic of strong authentication on the IT agenda. This is because a wide pallet of options has meanwhile emerged, not only in order to implement it for selected, especially sensitive jobs and applications, but rather also in an overall strategy for the strong authentication for external access, the mobile usage and a comprehensive roll-out for internal employees.

Created: 12.09.08, modified: 30.09.08