More than just a password: Securing remote access

Hardware authentication

This is where hardware authentication comes in. This provides a further layer of security by combining something that we have - a physical device - and something we know - a password. This combination provides one of the basic practices of good security and provides robust authentication for remote access with SSL.

An everyday example of such a system would be the ATM card and pin number system that we have all trusted to secure our bank accounts. Even if the card is stolen then the thief still needs the pin number before they can withdraw cash from the ATM.

For the authentication process to succeed the physical device, such as a USB key must be plugged into the PC or notebook and the user is then prompted to enter a pin or password to complete authentication.

Of course there is always the possibility that your sales person's laptop will be stolen with the USB key still attached. To prevent a potential hacker cracking the password at their leisure some systems allow the IT department to control the number of passwords retries allowed before the user is permanently locked out. The issuing of temporary passwords for partners or contractors also helps minimise this risk.

Where SSL is combined with a hardware authentication it can provide a secure yet highly flexible means for your mobile workforce to access corporate systems. SSL will not be right for all organisations, especially where remote workers require access to legacy applications, but if your applications are primarily web-based it can help ensure that you're your remote workers don't leave open the windows and doors to your corporate networks.