Wednesday, February 8, 2012

Multifactor Authentication, Middleware and the Online Security Arms Race

Julie Sartain has an article at techworld.com that describes some of the new threats that have necessitated the adoption of multifactor authentication for online transactions, and the variety of technologies available to augment standard username/password authentication, such as:

♦ Risk-based authentication
♦ Phone-based authentication
♦ Versatile authentication platforms
♦ Image-based authentication and, of course,
♦ Biometrics

As everyone in the security business knows, there is no perfect answer. Gartner's Allan points out that "whatever the desirable level of assurance, it has to be balanced against cost (deployments for hundreds of thousands of users are very cost sensitive) and user experience. We know that bank customers may change their banks if new security features such as authentication degrade the user experience: in a survey a couple of years ago, Gartner found that 3% of customers had done so, and a further 12% considered it," adds Allan.

Because there's no perfect answer, the challenge is in how to adopt new technologies that show positive return on investment without tying a mission-critical business process up in something that might not be the optimal solution over the longer term. How do you adopt new technologies in a way that preserves your ability to continue to adopt new technologies?



Our CEO, Barry Hodge, points out via Twitter that the move to multifactor authentication broaches the subject of middleware.

Middleware, as it relates to this discussion, consists of the software components that allow the new authentication factor to interact with the existing authentication scheme and broader business processes.

But not all middleware is created equal.

Middleware can be written to facilitate a custom integration, or it can be written as a more flexible software layer that makes future integration decisions and changes less costly. A hardware analogy might be the difference between a soldering iron and a USB port. Both get the job done but involve entirely different levels of commitment.

Well-written middleware components, such as those we've developed here at SecurLinx for biometrics, allow flexibility by reducing an enterprise's switching costs and the costs of adopting future techniques and technologies that may offer significant returns on investment.

Middleware isn't really a glamorous topic — no Tom Cruise movies, severed eyeballs or rubber fingers — but it's incredibly important and becoming more so.