Q

What's a good authentication method for Java?

Not one authentication solution is perfect. Java security expert Ramesh Nagappan says multifactor authentication is the most secure method.

I'm searching for a good authentication method for Java, and I've been looking at RSA and biometric. Which would you recommend?

It is a tricky question. Frankly speaking, I haven't seen a single "good" authentication solution that identifies without potential vulnerabilities or compromises. Each authentication method has its own strengths and weaknesses, and no vendor is an exception. To me, all authentication methods are susceptible to one or more possible frauds because they can possibly be stolen, predicted, manipulated, forged, impersonated or hacked.

If you are seriously looking for a trustworthy authentication solution equivalent to a face-to-face verification by a security official, then you may need to consider multifactor authentication methods, commonly referred to as strong authentication. This means verifying a person's identity credentials using his/her proof-of-knowledge (password, PIN, mother's maiden name), proof-of-possession (smart cards, driver's license, digital certificates) and proof-of-physiological/behavioral characteristics (biometrics).

Using any two or more of those authentication mechanisms is often considered a good authentication practice. In Java/J2EE environments, Java Authentication and Authorization Service (JAAS) plays a vital role in implementing authentication mechanisms within Java/J2EE applications. It also allows multiple authentication chaining for enabling a multifactor authentication-based single sign-on solution. For implementation details, refer to my article, "Building Biometric Authentication for J2EE, Web, and Enterprise Applications," on biometric single sign-on authentication in a J2EE environment, particularly using JAAS.
This was first published in August 2006
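
The JAAS chaining described in the answer, as an added example that is not taken from the answer or the cited article: two login modules stacked in one `Configuration`, both flagged `REQUIRED` so that neither factor alone is enough. The module classes, the PIN and the token code are hypothetical, constructed values; a real deployment would plug in modules backed by a credential store, token server or biometric matcher.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
public class TwoFactorJaasDemo {
    // Hypothetical module: one factor, checked against a constructed "expected" option.
    public abstract static class FactorModule implements LoginModule {
        private CallbackHandler handler; private Map<String, ?> options; private boolean ok;
        protected abstract String prompt();
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> o) { handler = h; options = o; }
        public boolean login() throws LoginException {
            PasswordCallback cb = new PasswordCallback(prompt(), false);
            try { handler.handle(new Callback[] { cb }); } catch (Exception e) { throw new LoginException(e.toString()); }
            char[] got = cb.getPassword(); cb.clearPassword();   // getPassword() returns a copy
            byte[] want = ((String) options.get("expected")).getBytes(StandardCharsets.UTF_8);
            ok = got != null && MessageDigest.isEqual(new String(got).getBytes(StandardCharsets.UTF_8), want);
            if (!ok) throw new FailedLoginException(prompt() + " rejected");
            return true;
        }
        public boolean commit() { return ok; }
        public boolean abort() { ok = false; return true; }
        public boolean logout() { ok = false; return true; }
    }
    public static class PinModule extends FactorModule { protected String prompt() { return "PIN"; } }
    public static class TokenModule extends FactorModule { protected String prompt() { return "Token code"; } }
    // REQUIRED on every entry: each module runs and each must succeed, so no factor is skipped.
    static AppConfigurationEntry required(Class<?> module, String expected) {
        return new AppConfigurationEntry(module.getName(),
            AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Map.of("expected", expected));
    }
    static boolean authenticate(String pin, String code) {
        Configuration chain = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { required(PinModule.class, "4821"), required(TokenModule.class, "739155") };
            }
        };
        CallbackHandler answers = cbs -> {          // stands in for a login form
            for (Callback c : cbs) ((PasswordCallback) c).setPassword(
                (((PasswordCallback) c).getPrompt().equals("PIN") ? pin : code).toCharArray());
        };
        try { new LoginContext("demo", new Subject(), answers, chain).login(); return true; } catch (LoginException e) { return false; }
    }
    public static void main(String[] args) {
        System.out.println("both factors correct: " + authenticate("4821", "739155"));
        System.out.println("token code wrong:     " + authenticate("4821", "000000"));
        System.out.println("PIN wrong:            " + authenticate("0000", "739155"));
    }
}
```

Marking either entry `SUFFICIENT` or `OPTIONAL` instead of `REQUIRED` would let a login succeed on a single factor, so the control flags are the part of a chained configuration to review first.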