Strong Authentication Best Practices

Control Access & Protect Data Throughout the Enterprise

A strong authentication solution that validates the identities of users and computing devices that access the non-public areas of an organization’s network is the first step in building a secure and robust information protection system.

1. Match Your Authentication Solution to Your Business, Users, and Risk

Blue Authentication Token Icon

A flexible approach that enables an organization to implement different authentication methods based on different risk levels may ensure a robust system that can be efficiently and cost-effectively deployed.

Technologies for multi-factor authentication include:

  • One-Time Passwords (OTP): OTP technology is based on a shared secret or seed that is stored on the authentication device and the authentication backend. This method ensures authentication by generating a one-time passcode based on the token’s secret.

  • Certificate-based Authentication (CBA): This method ensures authentication using a public and private encryption key that is unique to the authentication device and the person who possesses it. CBA tokens can also be used to digitally sign transactions and to ensure non-repudiation. SafeNet delivers certificate-based authentication via USB tokens and smart cards.

  • Context-based Authentication: Context-based authentication uses contextual information to ascertain whether a user’s identity is authentic or not, and is recommended as a complement to other strong authentication technologies. In order to develop a robust authentication solution, organizations should consider their business, users, and risk, and select a solution that provides them with the flexibility to adapt as needed. For example, if organizations are interested in implementing additional security solutions that rely on PKI technology, such as full-disk encryption, network logon, and digital signatures, or are thinking about adding such solutions in the future, they should consider CBA, as it enables these applications.

2. Prefer Solutions That Adhere to Standards-Based Security and Certifications


Products that are built upon standards-based crypto-algorithms and authentication protocols are preferred. Unlike proprietary algorithms, standards-based algorithms have gone through public scrutiny by industry and security experts that reduces the chance of any inherent weaknesses or vulnerabilities. Moreover, they enjoy broad industry support.

3. Consider All Access Points

Green Secure Remote Access Icon

Organizations need to ensure that access to all sensitive information is authenticated, whether the information resides on premise or in the cloud. Organizations should implement the same security mechanisms for cloud resources as they would for remote access to the corporate network. In addition, organizations should deploy security mechanisms to ensure that users accessing network resources from their mobile consumer devices (e.g., tablets, smart phones) are securely authenticated.

4. Ensure the Solution Reduces IT Administrative and Management Overhead

Multi-Factor Authentication Purple Icon

Authentication environments have to offer convenience and transparency for end users and administrators alike. Following are several guidelines that can help organizations achieve these goals:

  • Administrative Controls: Administrators need to be able to manage all users across all devices and resources. To meet this charter, they need automation, central management, and visibility into user access across multiple resources. To ensure users have an optimal experience, administrators need to be equipped with granular controls and comprehensive reporting capabilities.

  • End-User Convenience: To ensure security controls are enforced, while streamlining user access, organizations should have the ability to offer users the type of authentication device that most suits their role and security profile. Organizations can offer their users several authentication methods, ranging from context-based authentication, through SMS, phone tokens or hardware tokens – ensuring user acceptance and compliance with corporate security policies.

Request More Info

Explore Our Authentication Products

View ResourcesResource Library

Strong Authentication Resources

Securing access to corporate networks, protecting the identities of users, and ensuring that a user is who he claims to be all comes down to well-executed strong authentication methods. Here are a variety of resources that provide insights into how best to utilize strong authentication throughout the enterprise:


SafeNet Purple Data Protection Icon

Gartner Report - 2014 Magic Quadrant for User Authentication

The Magic Quadrant for User Authentication depicts Gartner's independent analysis of authentication vendors in the marketplace. Positioning within the quadrant is based on an organization's ability to execute and completeness of vision. Gartner has positioned SafeNet in the leaders quadrant.

SafeNet Purple Data Protection Icon

White Paper - Authentication Best Practices

A significant number of high profile security breaches have occurred recently, bringing the organizations affected to the front pages of the business press. These events have had a negative impact on the public image of these companies, and may also have a harmful effect on their business. These incidents have caused the CIOs of many companies to reevaluate their info-security strategy in general, while also placing specific focus on their user authentication and transaction security requirements.

SafeNet Purple Data Protection Icon

White Paper - An Intro to Strong Authentication

In today’s environment, the need for organizations to enable secure remote access to corporate networks, enhance their online services, and open new opportunities for e-commerce is bringing ever-growing attention to the importance of securing user access and validating identities. In addition, the recent barrage of identity theft and corporate fraud cases has brought corporate responsibility and the protection of sensitive data to the spotlight.

SafeNet Purple Data Protection Icon

White Paper - The Token is Dead. Long Live the Token!

When the news broke that RSA had been breached, there was a lot of whispering in the corridors about how terrible this must have been for them. For sure, there have been plenty of breaches recently, and this highlighted that no network is impenetrable anymore.

SafeNet Purple Data Protection Icon

White Paper - Smart Phones And Tablets In The Enterprise

Whether IT organizations choose to embrace, resist, or deny them, the reality is that the increased prevalence of mobile devices in the enterprise presents a range of fundamental implications. This paper examines the paradigm shifts taking place in enterprise IT organizations today, and then focuses on the key implications the proliferation of mobile devices has for mobile authentication. The paper then uncovers some of the key strategies for making mobile authentication work effectively and securely in today's IT environments.

View OverviewResource Library
CTA - 2014 Gartner Magic Quadrant for User Authentication
Auth Migration Guide WP

The Real Cost of Strong Authentication
Next-Generation Authentication Webinar CTA
CTA - SAS Free Trial