
Why Two-Factor Authentication is a Statistical Necessity

By Greg Sarrail
June 25, 2013

To minimize risk, two-factor authentication has become a necessity and is now generally being adopted. Two-factor authentication combines two of the three possible authentication factors (something you know, something you have, something you are).

One basic example is ATM access, which requires a card (something you have) and a PIN (something you know). In healthcare provider settings, the two authentication factors most commonly used to secure data are the proximity card that the clinician already uses to access the facility and a PIN or password. To log on, all the clinician needs to do is tap a card and type a PIN.

But what sacrifices have been made to make access to data this simple? Has security been sacrificed to ensure rapid clinician adoption?

Dissecting the prox card – are traditional methods good enough?

Unfortunately, using a proximity card plus a password is not as secure as people may hope. Authentication with an RFID proximity card and a password is better than a username and password, but it is far from secure. Proximity cards have been in use for more than 30 years for physical access control and are now used to authenticate to networks and single sign-on systems in addition to their role in physical access control. But are they really the best choice for logical access control in healthcare settings?

Proximity cards use a static number, called a card serial number (CSN), that is sent over the air, unencrypted, to a reader. This number is correlated to a user’s identity. In other words, the static CSN acts as a username and, with the password or PIN, the two are used to unlock a user’s desktop or single sign-on session. In combination with a static CSN, newer RFID contactless cards offer the capability to write and store data on a card, encrypt data at rest and in transit, and securely exchange this data.

Yet these features are typically used only for physical access control, not for desktop authentication. These higher security features must be implemented in cooperation with the card vendor, decrease the speed at which a user is recognized and limit the interoperability of the system with various card technologies. For these reasons, most authentication software utilizes the CSN irrespective of what card technology is used.

In short, the common denominator is the card serial number, which is fast and interoperable. Unfortunately, the CSN is an unencrypted static number which can be simply copied or cloned. Is a static card number plus a password any more secure than the former username/password model that it replaced?

The majority of single sign-on solutions also offer the capability to use either a proximity card with no PIN as an authentication method or a “grace period” feature that bypasses the need to enter a password for each logon event. At the start of the day, a card and password are required but, for the next 4-8 hours, only the card is required for authentication. When no password or PIN is required for user authentication, a lost or stolen card can be used by anyone – even without a password.
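A minimal model of the card-plus-grace-period logon described above, added here as an illustration and not taken from any single sign-on product; the class, the CSN, the PIN and the timestamps are all constructed. It counts how many accepted logons in one shift checked the card number alone.

```python
import hmac
from datetime import datetime, timedelta

# Constructed directory: CSN -> (user, PIN). A real system would store a PIN hash.
DIRECTORY = {"0x3A91F2": ("dr_lee", "4821")}

class GraceSSO:
    """Hypothetical card + PIN logon with a card-only grace window."""

    def __init__(self, grace_hours):
        self.grace = timedelta(hours=grace_hours)
        self.last_full_auth = {}  # CSN -> time of last card + PIN logon
        self.audit = []           # (time, user, factors_checked)

    def logon(self, csn, when, pin=None):
        entry = DIRECTORY.get(csn)
        if entry is None:
            return False
        user, expected_pin = entry
        if pin is not None:
            if not hmac.compare_digest(pin, expected_pin):
                return False
            self.last_full_auth[csn] = when
            factors = 2
        else:
            started = self.last_full_auth.get(csn)
            if started is None or when - started > self.grace:
                return False
            factors = 1  # only the static CSN was checked
        # The record names the card's owner, whoever actually presented the CSN.
        self.audit.append((when, user, factors))
        return True

def single_factor_share(sso):
    """Fraction of accepted logons that checked the card number alone."""
    if not sso.audit:
        return 0.0
    return sum(1 for _, _, f in sso.audit if f == 1) / len(sso.audit)

def run_shift(grace_hours):
    """One card + PIN logon at 07:00, then three card-only taps later in the shift."""
    sso = GraceSSO(grace_hours)
    start = datetime(2013, 6, 25, 7, 0)
    results = [sso.logon("0x3A91F2", start, pin="4821")]
    for hours_later in (1, 3, 5):
        results.append(sso.logon("0x3A91F2", start + timedelta(hours=hours_later)))
    return sso, results
```

With an 8-hour grace period, three of the four accepted logons in this constructed shift rest on the static CSN alone; with the grace period set to zero, every card-only tap is refused.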

Security vs. convenience: users should not have to choose!

The reality is that security has taken a backseat to workflow at every stage. Proximity cards were never designed to protect networks, applications and sensitive data, yet many organizations rely on this technology to protect their most critical assets.

What is the alternative? It must be as convenient as, or more convenient than, using a card and password, and it must positively identify the person accessing the information. Something that the employee can share with others, such as a username and password, does not identify “who” without some level of doubt. Something that can be easily duplicated, such as a static card serial number, also does not absolutely identify “who.” Only through the use of a biometric can the authorized individual be positively identified to securely grant access while creating a record of the authenticity of the transaction.

Knowing “who” matters!

Fingerprint biometrics is the most widely used biometric technology. More convenient than using a card-based system, a fingerprint biometric authentication solution does not require the user to carry some other device, card or token. Requiring no more than the placement of a finger on a sensor, authentication using fingerprint biometrics enhances clinician workflow while delivering the level of security that is required to protect sensitive health information.  

However, not all fingerprint biometric solutions are created equal. To maximize adoption, it is critical to select a fingerprint sensor that works in real-world environments and that can deliver consistent results irrespective of race, gender, age or physical conditions. To truly enhance workflow, the sensor needs to work every time, and for every user.

To address the shortcomings of conventional fingerprint technologies, a fingerprint technology has been developed that is able to work across the range of common operational conditions. Called multispectral imaging, this technology collects information about both the surface and subsurface fingerprint to capture reliable data every time, regardless of whether a user’s finger is dry, wet, dirty, slightly rotated or difficult to capture. 

Multispectral imaging allows users to enroll and authenticate quickly and accurately every time, removing the need to call the help desk or use a secondary authentication method due to issues with the primary mode. Multispectral imaging enhances user adoption rates because it is simple, reliable and secure.

The time has come to replace an inadequate and archaic security solution with one that is truly tied to the individual. The threat landscape continues to grow along with the migration to electronic records and increased access to systems and information, meaning greater exposure to unauthorized access and cyber-attacks. Industry’s reliance on technology designed more than 30 years ago is not sufficient to protect us from the current threat landscape nor will it prevent new attacks. It’s time that we implement solutions that make no compromises and deliver both security and convenience.   


Greg Sarrail is Vice President of Solutions Business for Lumidigm. He can be reached at gsarrail@lumidigm.com.
