3 things to consider when implementing an effective authentication solution

Wim Abraham, March 28, 2014

Implementing an effective authentication solution can only be achieved by finding a true balance between security, user-friendliness and total cost of ownership.

When looking for a solution to secure your online application, you will run into conflicting goals. You want the solution to be as secure as possible, but at what cost? And of course, you want your customers to be able to use it on their preferred mobile platforms.

In this search for the holy grail, there are 3 important dilemmas to be addressed:

  • Security
  • User-friendliness
  • Total cost of ownership

The overall security of the solution is probably one of the most important aspects. Will you go for simple passwords that can be brute-forced in no time? Or would you rather choose randomly generated passwords that meet those awfully complex password rules? Having complex passwords in place may help defeat brute-force attacks, but your customers will hate them ... bye bye user-friendliness.

User-friendliness is key for consumer-facing applications

Human beings are extremely creative and they'll find an easy workaround, e.g. by writing the passwords down ... which makes the passwords less secure again.
Or even worse ... after a long, well-deserved holiday or even after an exciting weekend with another gig ... people may have forgotten that NEW complex and secure password they were forced to set right before leaving ... As a consequence, they get frustrated (bye bye user-friendliness) and end up calling your help desk, which makes the solution not really cost-effective.

An effective authentication solution will take all these aspects into consideration. Authentication solutions based upon one-time passwords play an important role. One-time passwords bring you strong security. By using a user's mobile device, you will make sure the solution is user-friendly while keeping the total cost of ownership as low as possible.

In my next blog, I'll elaborate more on the effectiveness of the different solutions.

Stay tuned for more ...

I am passionate about security and services. It all started with an engineering and computer science background. My first job got me started in building security - designing and developing large building security systems.

In 1999 I joined OneSpan. During my 15+ years’ career at OneSpan I went