With an increasingly dispersed work force attempting to access business critical applications from a central site and the security of these actions based on an often all-too simple password, it's no wonder that some administrators feel nervous about network security. Fortunately, if you are looking for added security for remote users accessing your network, there are technologies that can help.

Two-factor authentication remains one of the most secure ways to extend access to remote employees. Simply put, the two factors are something the user knows -- a password -- and either something they have -- a token, a mobile phone or even their own PC -- or something they are -- biometrics. Deciding to invest in this technology has a lot to do with how secure you need your network to be and whether remote employees understand this and consent to a retinal scan every time they log on. Of course, the use of two-factor authentication doesn't need to be that extreme or that expensive.

Before the technology caught up with the concept, the major stumbling block of two-factor authentication was the need for extra hardware. If every remote user needs a card reader the cost and inconvenience of two-factor authentication begins to outweigh the benefits.

So now the main competition between two-factor authentication vendors is how to make the second factor as convenient and inexpensive as possible. The main goal is to eliminate the need for extraneous hardware. A USB-compatible key, for instance, can contain a control device that performs hashing functions, a storage area to store encrypted passwords and can plug into pretty much any piece of hardware. Similar technology is employed in smart cards, but the control device in the key eliminates the need for a card reader.

Other companies are utilizing mobile phones as the second factor of authentication. A user connects to a server with their mobile phone using a username and password, then through text messaging they are delivered a one-time-use access code to access a network. The access code is only viable for short time

Time-based tokens such as synchronized with a central authentication system and also share a secret. This makes the token output a different number for every authentication attempt. An authentication session would look like this:

        Username:   
holsta Password: ********
                       Token: 548318

The authorized user would be the only person who knows the password, and the token would respond with a 6 digit figure that must be used to login. This information would be sent to the central authentication server where the password and token output would be verified, and if correct access is granted.
Tokens that are pin-protected contain a shared secret. Once unlocked by entering a pin, the token authentication session could also look like this:

In this example, the user does not enter a password, only the pin on his token.
Bypassing this scheme would require knowledge of the password, and a way of predicting what number the token is going to display this is near to an impossible task
Various forms of Authentication those are available.

Another second-factor authentication method involves the use of software installed on a laptop or other mobile computing device that combines with a password to grant access. The computing device itself becomes the token.

There is, of course, much more to the technology that goes into these products, but one of the selling points of most is that they can be integrated seamlessly with existing security systems and are simple to administer. Most can be used in conjunction with VPNs, RAS and support 1024-bit PKI.