Comparison of authentication solutions
Authentication is the act of confirming the truth of an attribute of a single piece of data (a datum) claimed true by an entity. Out of different types of authentication Two-factor authentication is a technology that provides identification of users by means of the combination of two different components. There are number of Two-factor authentication and Multi-factor authentication providers around us. Multi factor authentication products can provide significant benefits to an enterprise, but the technology is complex and the tools themselves can vary greatly from provider to provider.[1]
Legend
The term "Phishing" refers to attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.
"Malware", short for malicious software, is any software used to disrupt computer operations, gather sensitive information, gain access to private computer systems, or display unwanted advertising.
"Password guessing" refers to cracking of password which is the process of recovering passwords illegally from data that have been stored in or transmitted by a computer system.
A "man-in-the-middle attack" (often abbreviated to MITM, MitM, MIM, MiM attack or MITMA) is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other
"Server side data breaking" refers to an incident in which sensitive, protected or confidential data has potentially been viewed, stolen from servers or used by an individual unauthorized to do so.
"shoulder surfing" refers to using direct observation techniques, such as looking over someone's shoulder, to get information. It is commonly used to obtain passwords, PINs, security codes, and similar data.
"OTP interception" refers to that service provider sends the one time password to user's contact(SMS, E-mail, etc) for authentication purpose, but that doesn't reach the user possibly intercepted by fraudulent person.
"Side channel vulnerabilities" allow attackers to infer potentially sensitive information just by observing normal behavior of software system, Attacker is a passive observer[2]
"A Hardware Token" is an Authenticator in the form of a physical object, where the user's interaction with a login system proves that the user physically possesses the object. Proving possession of the Token may involve one of several techniques.[3]
A "software token" is a type of two-factor authentication security device that may be used to authorize the use of computer services. Software tokens are stored on a general-purpose electronic device such as a desktop computer, laptop, PDA, or mobile phone and can be duplicated. This is in contrast to hardware tokens, where the credentials are stored on a dedicated hardware device and therefore cannot be duplicated (absent physical invasion of the device).
TOTP - Time based one time password
EOTP - Event based one time password
"Mutual authentication" or two-way authentication refers to two parties authenticating each other at the same time, being a default mode of authentication in some protocols (IKE, SSH) and optional in others (TLS).
"Biometric authentication" is a type of system that relies on the unique biological characteristics of individuals to verify identity for secure access to electronic systems.
"Scalability" is the capability of a system, network, or process to handle a growing amount of work, or its potential to be enlarged in order to accommodate that growth.
"Transaction Signing" is a term used in internet banking that requires customers to digitally "sign" transactions in order to preserve the authenticity and integrity of the online transaction.
Threat coverage
| Provider | Phishing | Malware | Password guessing | Man in the middle | Re-used password attacks | Serverside Database Breaking | Shoulder Surfing | Theft of Authenticator | OTP Interception | Channel vulnerabilitiess |
|---|---|---|---|---|---|---|---|---|---|---|
| Authenticator Plus | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A |
| Authentify Inc | Yes | N/A | N/A | Yes | N/A | N/A | N/A | N/A | N/A | N/A |
| Authy | Yes[4] | Yes[4] | Yes[5] | Yes[5] | N/A | N/A | N/A | N/A | N/A | N/A |
| Azure Multi-Factor Authentication | Yes[6] | Yes[7] | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A |
| Clef | Yes[8] | N/A | Yes[8] | N/A | N/A | Yes[8] | N/A | Yes | N/A | N/A |
| Cognalys Inc | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A |
| CryptoPhoto | Yes[9] | Yes[9] | N/A | N/A | N/A | N/A | Yes[9] | N/A | N/A | N/A |
| Duo Security | Yes | N/A | N/A | Yes[10] | N/A | N/A | N/A | N/A | N/A | N/A |
| FreeOTP | N/A | N/A | N/A | Yes | N/A | N/A | N/A | N/A | N/A | N/A |
| Google Authenticator | No | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A |
| Latch | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A |
| LaunchKey | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A |
| LoginTC | Yes | N/A | N/A | Yes | N/A | N/A | N/A | N/A | N/A | N/A |
| MePIN | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A |
| Nexmo | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A |
| Ping Identity | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A |
| PortalGuard | Yes[11] | N/A | N/A | Yes[11] | N/A | N/A | N/A | N/A | N/A | N/A |
| privacyIDEA | Yes[12] | N/A | Yes | N/A | Yes | Yes[13] | N/A | N/A | N/A | N/A |
| Protectimus | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A |
| Rublon | N/A | Yes[14] | Yes[14] | N/A | N/A | N/A | N/A | N/A | N/A | N/A |
| SAASPASS | Yes | Yes | N/A | Yes | N/A | N/A | N/A | N/A | N/A | N/A |
| SAT Mobile ID | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A |
| SecSign | Yes[15] | Yes[15] | Yes[15] | N/A | N/A | N/A | N/A | N/A | N/A | N/A |
| SecureAuth | Yes | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A |
| SecurePass | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A |
| SmartSign | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A |
| Solidpass[16] | Yes | Yes | N/A | Yes | N/A | N/A | N/A | N/A | N/A | N/A |
| SwivelSecure | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| SyferLock GridGuard[17] | Yes | Yes | Yes | Yes | Yes | N/A | Yes | N/A | Yes | Yes |
| Symantec/Verisign VIP | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A |
| TeleSign | Yes[18] | N/A | Yes[18] | N/A | Yes[18] | N/A | N/A | N/A | N/A | N/A |
| TextPower | N/A | Yes[19] | N/A | Yes[20] | N/A | N/A | N/A | N/A | N/A | N/A |
| Token2 | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A |
| Toopher | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A |
| Totp.Me | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A |
| Transakt | Yes[21] | Yes[21] | Yes[21] | Yes[21] | N/A | N/A | N/A | N/A | N/A | N/A |
| VASCO Data Security | Yes | N/A | N/A | Yes | N/A | N/A | N/A | N/A | N/A | N/A |
| WWPass | Yes | Yes | N/A | Yes | N/A | N/A | N/A | N/A | N/A | N/A |
| WiKID Systems | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A |
| Yubico | Yes | Yes | N/A | Yes | N/A | N/A | N/A | N/A | N/A | N/A |
Transport Methods
| Provider | SMS | Phone Call | Hardware token | Software implementation | Recovery method | |
|---|---|---|---|---|---|---|
| Authenticator Plus[22] | No | No | No | No | Yes | |
| Authentify Inc[23] | Yes | Yes | No | Yes | Yes | |
| Authy[24] | Yes | Yes | No | Yes | Yes | Email[25] |
| Azure Multi-Factor Authentication[26] | Yes | Yes | No | No | Yes | |
| Clef[27] | No | No | No | No | Yes | |
| Cognalys Inc | No | Yes | No | No | Yes | |
| CryptoPhoto | No | No | No | No | Yes | Paper TAN |
| Duo Security | Yes | Yes | No | Yes | Yes | Email[25] |
| FreeOTP | No | No | No | No | Yes | |
| Google Authenticator | Yes | Yes | No | No | Yes | Paper TAN[25] |
| Latch | No | No | No | No | Yes | |
| LaunchKey | No | No | No | No | Yes | |
| LoginTC | No | No | No | No | Yes | |
| MePIN | Yes | No | No | Yes | Yes | |
| Nexmo | Yes | Yes | No | No | No | |
| Ping Identity | Yes | Yes | No | No | Yes | |
| PortalGuard | No | Yes | No | No | Yes | |
| privacyIDEA | Yes | No | Yes | Yes | Yes | Email / helpdesk |
| Protectimus | Yes | No | Yes | Yes | Yes | |
| Rublon | No | No | Yes | No | Yes | |
| SAASPASS | No | No | No | No | Yes | |
| SAT Mobile ID | Yes | Yes | No | Yes | Yes | |
| SecSign | No | No | No | No | Yes | |
| SecureAuth | Yes | Yes | Yes | Yes | Yes | |
| SecurePass | No | No | No | Yes | Yes | |
| SmartSign | No | No | Yes | No | Yes | |
| Solidpass[16] | Yes | No | No | Yes | Yes | |
| SwivelSecure | Yes | Yes | Yes | Yes | Yes | Email / helpdesk |
| SyferLock GridGuard | Yes | No | Yes | No | Yes | |
| Symantec/Verisign VIP | Yes | Yes | Yes | Yes | Yes | |
| TeleSign | Yes | Yes | No | No | Yes | |
| TextPower | Yes | No | No | No | No | |
| Token2 | Yes | No | No | Yes | Yes | |
| Toopher | Yes | No | No | No | Yes | |
| Totp.Me | No | No | No | No | Yes | |
| Transakt | No | No | No | No | Yes | |
| VASCO Data Security | Yes | Yes | Yes | Yes | Yes | |
| WWPass | No | No | No | Yes | Yes | |
| WiKID Systems | No | No | No | No | Yes | |
| Yubico | No | No | No | Yes | Yes | |
Feature Support
| Provider | TOTP | EOTP | Mutual authentication | PIN protection | Biometrics | Separate Channel | Scalability | Transaction Signing | Coverage | Revocation |
| Authenticator Plus | Yes | N/A | N/A | Yes | Yes | N/A | N/A | N/A | N/A | N/A |
| Authentify Inc | N/A | N/A | N/A | N/A | N/A | Yes | N/A | Yes | N/A | N/A |
| Authy | Yes | N/A | N/A | N/A | Yes[28] | N/A | N/A | Yes[29] | N/A | N/A |
| Azure Multi-Factor Authentication | N/A | N/A | N/A | N/A | Yes | N/A | N/A | N/A | N/A | N/A |
| Clef | N/A | N/A | N/A | N/A | Yes | N/A | N/A | N/A | N/A | N/A |
| Cognalys Inc | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A |
| CryptoPhoto | N/A | N/A | N/A | Yes[30] | Yes[30] | N/A | N/A | N/A | N/A | Yes[30] |
| Duo Security | Yes | N/A | N/A | N/A | Yes | N/A | N/A | N/A | N/A | N/A |
| FreeOTP | Yes[31] | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A |
| Google Authenticator | Yes | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A |
| Latch | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A |
| LaunchKey | N/A | N/A | N/A | N/A | Yes | N/A | N/A | N/A | N/A | N/A |
| LoginTC | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A |
| MePIN | Yes | N/A | N/A | N/A | Yes | N/A | N/A | N/A | N/A | N/A |
| Nexmo | N/A | N/A | N/A | N/A | N/A | N/A | Yes[32] | N/A | N/A | N/A |
| Ping Identity | N/A | N/A | N/A | N/A | Yes[33] | N/A | N/A | N/A | N/A | N/A |
| PortalGuard | Yes[11] | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A |
| privacyIDEA | Yes | Yes | N/A | N/A | N/A | N/A | N/A | Yes | N/A | N/A |
| Protectimus | Yes | Yes | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A |
| Rublon | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A |
| SAASPASS | Yes | N/A | Yes | N/A | N/A | N/A | N/A | N/A | N/A | N/A |
| SAT Mobile ID | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A |
| SecSign | N/A | N/A | N/A | Yes[15] | N/A | N/A | N/A | N/A | N/A | N/A |
| SecureAuth | N/A | N/A | N/A | N/A | Yes[34] | N/A | N/A | N/A | N/A | N/A |
| SecurePass | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A |
| SmartSign | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A |
| Solidpass[16] | Yes | Yes | Yes | N/A | Yes | N/A | N/A | Yes | N/A | N/A |
| SwivelSecure | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| SyferLock GridGuard | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A |
| Symantec/Verisign VIP | N/A | N/A | N/A | N/A | Yes | N/A | N/A | N/A | N/A | N/A |
| TeleSign | Yes[18] | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A |
| TextPower | N/A | N/A | N/A | N/A | Yes[35] | N/A | N/A | N/A | N/A | N/A |
| Token2 | Yes[36] | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A |
| Toopher | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A |
| Totp.Me | Yes | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A |
| Transakt | Yes[21] | N/A | N/A | N/A | Yes[21] | Yes[21] | N/A | Yes[21] | N/A | N/A |
| VASCO Data Security | Yes | N/A | N/A | N/A | Yes | N/A | N/A | N/A | N/A | N/A |
| WWPass | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A |
| WiKID Systems | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A |
| Yubico | Yes | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A |
References
- ↑ "Comparing the top multifactor authentication vendors". November 2014.
- ↑ "Side Channel Vulnerabilities on the Web - Detection and Prevention" (PDF).
- ↑ "Definition of Hardware Token".
- 1 2 "INTRODUCING AUTHY FOR YOUR PERSONAL COMPUTER".
- 1 2 "SECURITY NOTICE: OPENSSH PASSWORDS VULNERABLE".
- ↑ Larry Seltzer (30 April 2014). "Microsoft Azure is phishing-friendly". Retrieved 27 April 2016.
- ↑ Yuri Diogenes (22 March 2016). "Microsoft Antimalware for Azure Cloud Services and Virtual Machines". Retrieved 27 April 2016.
- 1 2 3 "Clef".
- 1 2 3 "CryptoPhoto Features". Retrieved 18 April 2016.
- ↑ Jon Oberheide (6 June 2014). "Duo Patches for the Latest OpenSSL Vulnerabilities". Retrieved 18 April 2016.
- 1 2 3 "Two factor Authentication:Flexible Options" (PDF).
- ↑ "privacyIDEA:Features".
- ↑ "HSM Support in privacyIDEA".
- 1 2 "Rublon".
- 1 2 3 4 "SecSign".
- 1 2 3 "Solid Pass".
- ↑ "GridGuard Overview".
- 1 2 3 4 "TeleSign_US_Datasheet_Push_Verify_20161" (PDF). 2016. Retrieved 27 April 2016.
- ↑ NEIL J. RUBENKING (20 May 2014). ""Hack-Proof" TextKey Turns SMS Authentication on Its Head". Retrieved 1 May 2016.
- ↑ "TextKey Scores Well in Network World Review of Authentication Solutions".
- 1 2 3 4 5 6 7 8 "Build in trust with the Transakt SDK" (PDF).
- ↑ "Authenticator plus".
- ↑ "Authentify Two-Factor Authentication".
- ↑ "Authy: Two-Factor Authentication Made Easy".
- 1 2 3 Matthew Prince (28 November 2012). "Choosing a Two-Factor Authentication System". Retrieved 16 April 2016.
- ↑ "What is Azure Multi-Factor Authentication?".
- ↑ "Clef Two-Factor Authentication".
- ↑ "AUTHY two factor authentication". Retrieved 27 April 2016.
- ↑ Dan Killmer. "AUTHY ONETOUCH: SIMPLY STRONG SECURITY". Retrieved 18 April 2016.
- 1 2 3 "Two Factor and Multifactor Authentication by CryptoPhoto". Retrieved 18 April 2016.
- ↑ "FreeOTP".
- ↑ "Nexmo".
- ↑ "PingID Multi-factor Authentication".
- ↑ "SecureAuth" (PDF).
- ↑ "GET AN INDUSTRY LEADING MULTI-FACTOR AUTHENTICATION SOLUTION".
- ↑ "TOKEN2".