Gartner Research

Fundamentals of Authentication

Published: 10 January 2013

ID: G00238761

Analyst(s): Trent Henry

Summary

Authentication is an essential element of modern IT systems, yet it remains complex. It's difficult to assess the options among passwords, one-time password (OTP) tokens, smart cards, X.509 PKI certificates, biometrics and other choices. This document presents the fundamentals.

Table Of Contents

Summary of Findings

Description of Authentication

Business Context

  • Allow Users to Connect Securely to Systems, Data and Functions Required for Their Work
  • Accommodate the Variety of Constituencies and Computing Platforms Used by Enterprises

Architectural Context

Fundamentals

  • Authentication Has a Life Cycle That Must Be Managed
  • Password Authentication Is Subject to Numerous Attacks
    • Password Vulnerabilities
  • To Address Risks, Many Organizations Seek to Strengthen Authentication
  • Authenticator Technologies
    • OTP Devices
    • Local Certificate Store
    • Smart Cards and Smart (USB) Tokens
    • Physical Credentials Benefits
    • Biometrics
  • Stronger Authenticators Also Have Weaknesses
    • Phishing
    • Credential Mismatches: Protecting the Strong With the Weak
  • The Authentication Experience Can Be Evaluated via Multiple Variables
    • Ubiquity
    • Application Coverage
    • Usability
    • Security
    • Secure Storage Capability
    • Management
    • Acquisition Cost
  • Several Industry Standards Relate to Authentication
    • RSA Public-Key Cryptography Standards
    • MS-CAPI
    • NIST 800-63-1
    • HSPD-12 and FIPS 201
    • FIPS 140-2
    • OATH
    • Java Card
    • GlobalPlatform

Recommended Reading

©2020 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. It consists of the opinions of Gartner’s research organization, which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner’s Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or influence from any third party. For further information, see Guiding Principles on Independence and Objectivity.

Already have a Gartner Account?

Become a client

Learn how to access this content as a Gartner client.