Information Card Win #3 - Alternate Authentication

This is the third part in my series of easy wins your organization can have with Information Card technology today. The two parts can be found here:

Information Card Win #1 - Easy First Time Visit Personalization
Information Card Win #2 - Two Factor Authentication

As I stated in Win #1, I am focusing mostly on Self-Issued Information Cards. This is because that is something under totally under your control as an organization. You don’t need to set up a federated relationship with anyone.

Alternate Authentication is distinctly different from Two Factor Authentication. In Alternate Authentication the Information Card may be used instead of another form of authentication, typically user name and password. In this scenario the Alternate Authentication is considered on par with the other means of authentication.

The advantage of using Self-Issued Information Cards as an Alternate Means of Authentication is that the user can authenticate very quickly without having to remember and type a user ID and password each time. For each computer (and user login) that the user wants to use a Self-Issued Information Card from a card enrolment would need to be performed. Typically this would involve authenticating with a user ID and password and then authenticating again with a Self-Issued card.

There is one downside to this. Because the user would no longer use the user ID and password on a frequent basis, he would be unlikely to remember them when needed. The user would need to record the user ID and password in a safe way. I talk about that a bit here.  

In effect this becomes a form of Single Sign-on (SSO). Once a card is enrolled on the site, the user can log in and use the enrolled card to access need web applications.

Which leads to the other downside. This method doesn’t really authenticate the user. It authenticates the computer. Unattended office computers become an issue with this scenario. There are also issues with home computers as there may be very good reasons for one member to not want to disclosure certain web usage to another. For these reasons it should be recommended to users that they PIN protect their Self-Issued cards in this scenario.


_____
tags: Authentication |  BMC |  BMC Software |  Cardspace |  Federation |  Higgins |  Higgins Project |  IE7 |  Identity |  Identity Management |  InfoCard |  Information Card |  Internet Explorer