What's a good authentication method for Java?

I'm searching for a good authentication method for Java, and I've been looking at RSA and biometric. Which would you recommend?

It is a tricky question. Frankly speaking, I haven't seen a single "good" authentication solution that identifies without potential vulnerabilities or compromises. Each authentication method has its own strengths and weaknesses, and no vendor is an exception. To me, all authentication methods are susceptible to one or more possible frauds because they can possibly be stolen, predicted, manipulated, forged, impersonated or hacked.

If you are seriously looking for a trustworthy authentication solution equivalent to a face-to-face verification by a security official, then you may need to consider multifactor authentication methods, commonly referred to as strong authentication. This means verifying a person's identity credentials using his/her proof-of-knowledge (password, PIN, mother's maiden name), proof-of-possession (smart cards, driver's license, digital certificates) and proof-of-physiological/behavioral characteristics (biometrics).

Using any two or more of those authentication mechanisms is often considered a good authentication practice. In Java/J2EE environments, Java Authentication and Authorization Service (JAAS) plays a vital role in implementing authentication mechanisms within Java/J2EE applications. It also allows chaining multiple authentication mechanisms to enable a multifactor authentication-based single sign-on solution. For implementation details, refer to my article, "Building Biometric Authentication for J2EE, Web, and Enterprise Applications," on biometric single sign-on authentication in a J2EE environment, particularly using JAAS.

This was first published in August 2006
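
The JAAS chaining mentioned in the answer, as an added example (not code from the original answer or the referenced article): two login modules are stacked with the `REQUIRED` control flag, so the `LoginContext` succeeds only when both factors verify. `FactorModule`, the prompts and the expected values are hypothetical demo constructs, and Java 9+ is assumed for `Map.of`.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
public class MfaJaasDemo {
    // Hypothetical module: checks one factor against its "expected" option (constructed demo values).
    public static class FactorModule implements LoginModule {
        private CallbackHandler handler; private Map<String, ?> opts;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared,
                Map<String, ?> o) { handler = h; opts = o; }
        public boolean login() throws LoginException {
            PasswordCallback cb = new PasswordCallback((String) opts.get("prompt"), false);
            try { handler.handle(new Callback[] { cb }); }
            catch (Exception e) { throw new LoginException(e.toString()); }
            String in = cb.getPassword() == null ? "" : new String(cb.getPassword());
            byte[] want = ((String) opts.get("expected")).getBytes(StandardCharsets.UTF_8);
            if (!MessageDigest.isEqual(want, in.getBytes(StandardCharsets.UTF_8)))
                throw new FailedLoginException(cb.getPrompt() + " rejected");
            return true;
        }
        public boolean commit() { return true; }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }
    // REQUIRED: the module must succeed for the overall login to succeed.
    static AppConfigurationEntry factor(String prompt, String expected) {
        return new AppConfigurationEntry(FactorModule.class.getName(),
            AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
            Map.of("prompt", prompt, "expected", expected));
    }
    static boolean authenticate(Map<String, String> answers) {
        Configuration chain = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { factor("password", "pw-demo"), factor("otp", "492817") };
            }
        };
        CallbackHandler h = cbs -> {
            PasswordCallback p = (PasswordCallback) cbs[0]; // each demo module sends one callback
            String a = answers.get(p.getPrompt());
            p.setPassword(a == null ? null : a.toCharArray());
        };
        try { new LoginContext("mfa", null, h, chain).login(); return true; }
        catch (LoginException e) { return false; }
    }
    public static void main(String[] args) {
        System.out.println(authenticate(Map.of("password", "pw-demo", "otp", "492817")));
        System.out.println(authenticate(Map.of("password", "pw-demo"))); // second factor missing
    }
}
```

Marking either entry `SUFFICIENT` instead of `REQUIRED` would let a single factor complete the login, which defeats the multifactor intent.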