Problem solve Get help with specific problems with your technologies, process and projects.

What's a good authentication method for Java?

Not one authentication solution is perfect. Java security expert Ramesh Nagappan says multifactor authentication is the most secure method.

I'm searching for a good authentication method for Java, and I've been looking at RSA and biometric. Which would you recommend?
It is a tricky question. Frankly speaking, I haven't seen a single "good" authentication solution that identifies without potential vulnerabilities or compromises. Each authentication method has its own strengths and weaknesses, and there is no vendor exception as well. To me, all authentication methods are susceptible to at least one or more of possible frauds because they can be possibly stolen, predicted, manipulated, forged, impersonated or hacked.

If you are seriously looking for a trustworthy authentication solution equivalent to a face-to-face verification by a security official, then you may need to consider multifactor authentication methods commonly referred to as strong authentication. This means verifying a person's identity credentials using his/her proof-of-knowledge (password, PIN, mother's maiden name), proof-of-possession (Smartcards, Drivers license, Digital Certificates) and proof-of-physiological/behavioral characteristics (biometrics).

Using any two or more of those authentication mechanisms often is considered a good authentication practice. In Java/J2EE environments, Java Authentication and Authorization Service (JAAS) plays a vital role for implementing authentication mechanisms within Java/J2EE applications. It also allows multiple authentication chaining for enabling a multifactor authentication-based single sign-on solution. For implementation details, refer to my article, "Building Biometric Authentication for J2EE, Web, and Enterprise Applications," on biometric single sign-on authentication in a J2EE environment particularly using JAAS.

Dig Deeper on Topics Archive