by Arif Bozkurt, APIIDA AG
Due to increasing security requirements, using only the user name-password-combination is insufficient for many companies. Therefor many companies rely on two-factor-authentication.
This means that two factors – which are different and independent from each other – are used to verify identities. Possible factors could be:
• Something the user owns (possession)
• Something, the user knows (knowledge)
• A characteristic feature (biometric)
The smartcard based authentication is the most common method since it is considered as very safe thanks to the two-factor authentication. Nevertheless, it is not the most comfortable and cost-effective solution. Not every laptop has a card reader included which forces companies to buy external card readers. Due to missing USB ports this option is not feasible in combination with smartphones and tablets.
Moreover, the company’s security can be at risk when employees leave their smartcard in the reader, so the two-factor-authentication is not valid anymore. If somehow third parties find out the password they have access to the computer and all intern systems connected with it.
A comfortable alternative which does not depend on physical authenticators but provides the same level of security as the smartcard is the authentication via smartphone. The only requirement for that option is that the smartphone is integrated in the existing certificate / PKI infrastructure.
This option is also very user friendly, because most of them already use a smart device on a regular basis. Initial solutions, such as our product APIIDA Mobile Authentication, which uses the eSIM (specially secured storage area) of a smartphone for the storage of a user certificate, offer such an alternative to the smart card. By storing the user certificate on the eSIM, the certificate is secured in a protected storage area via encrypted channels. This makes APIIDA Mobile Authentication a comfortable, secure and cost-effective alternative to smartcards.
Maybe one day solutions like that will replace smartcards completely.