Ask the Expert

What's a good authentication method for Java?

I'm searching for a good authentication method for Java, and I've been looking at RSA and biometric. Which would you recommend?

Requires Free Membership to View

It is a tricky question. Frankly speaking, I haven't seen a single "good" authentication solution that identifies without potential vulnerabilities or compromises. Each authentication method has its own strengths and weaknesses, and there is no vendor exception as well. To me, all authentication methods are susceptible to at least one or more of possible frauds because they can be possibly stolen, predicted, manipulated, forged, impersonated or hacked.

If you are seriously looking for a trustworthy authentication solution equivalent to a face-to-face verification by a security official, then you may need to consider multifactor authentication methods commonly referred to as strong authentication. This means verifying a person's identity credentials using his/her proof-of-knowledge (password, PIN, mother's maiden name), proof-of-possession (Smartcards, Drivers license, Digital Certificates) and proof-of-physiological/behavioral characteristics (biometrics).

Using any two or more of those authentication mechanisms often is considered a good authentication practice. In Java/J2EE environments, Java Authentication and Authorization Service (JAAS) plays a vital role for implementing authentication mechanisms within Java/J2EE applications. It also allows multiple authentication chaining for enabling a multifactor authentication-based single sign-on solution. For implementation details, refer to my article, "Building Biometric Authentication for J2EE, Web, and Enterprise Applications," on biometric single sign-on authentication in a J2EE environment particularly using JAAS.

This was first published in August 2006

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: