Better Security
Ten myths about smart cards
Traditional user name and password logon is rapidly being replaced by smart cards and public key infrastructure. Logging on with a smart card provides much stronger security than other types of logon. It provides two-factor authentication, as the user must both have possession of the physical card and know the PIN code to use it. Unlike a password, a smart card can guarantee that authentication secrets remain cryptographically strong. An increase in threats against password-based authentication is making smart cards attractive to even small and medium-sized organizations.
But as in other technology shifts, the changeover to smart cards is giving rise to questions, misunderstandings and myths. Here, we will dispel the most common ones.
#1 - It is prohibitively expensive to introduce smart cards
Smart cards actually save money. Traditional password administration is expensive – usually from 1,500 to 3,000 Swedish crowns (230 to 460 U.S. dollars) per employee per year. A well-implemented smart card solution will reduce these costs and as a result repay the entire investment in one to two years. Add to this increased personal efficiency and the value of effective security.
#2 - PKI and smart cards are difficult to install and support
It is no more challenging than with other new technologies. Expertise is available to analyze your needs, help develop the most effective solution, plan a smooth implementation and train help desk staff. Easy-to-use management tools reduce the workload on network administrators. Just select a competent partner, specialized in smart card technologies – and wait to pay the bill until everything works as promised.
#3 - Our employees already have enough passwords, keys, cards and codes. They do not need another card to look after
The introduction of smart cards gives employees fewer things to keep track of, not more. Smart cards are multifunctional. One and the same card can be used not only for logging on to IT systems, but also as a photo ID card, for access control to buildings or departments, for logging working time – or even for recording the user’s cafeteria account balance. Functions can be added by using bar codes, proximity sensors and other technologies. Multifunctionality will greatly streamline, simplify, and speed up daily processes for both employees and administration.
#4 - Users would not be able to handle smart cards. They would forget to bring them, leave them in card readers or simply lose them.
Your users are cleverer than you give them credit for. They are already using credit cards and debit cards with PIN codes. They never leave home without their cards and very rarely lose them or forget to remove them from readers. The fact that smart cards can be multifunctional, serving, for example, for personal identification or unlocking doors, helps users remember to bring their cards.
#5 - Smart cards will not work for our employees who travel frequently and access webmail from hotspots and Internet cafés
Users can securely access your system from anywhere in the world, even from places where card readers are not available. One option is for users to bring a small, portable card reader that enables the smart card to generate a one-time password, valid for one session only, to log on to the system. Another option is to have the system generate a one-time password and SMS it to the user’s mobile phone. There are other options as well.
#6 - Managing PKI and smart cards is complicated and unwieldy
A modern card management system with a user-friendly interface eases IT administrators’ daily tasks. It provides a complete, flexible, and highly configurable tool for managing the issuance and administration requirements of a successful smart card deployment.
#7 - We would be unable to handle the physical card administration. We are spread across multiple locations and cannot have security administrators everywhere.
Smart card management and eligibility verification can be distributed with a powerful card management system. There is no need for fully trained local administrators. After receiving basic instructions, any local employee can handle the few physical tasks required – card replacement and unlocking. Employees can choose their own PIN codes and activate their own cards. With local activation, only known persons can be present in the systems, unlike a setup where anyone can call the help desk and claim to be a user. The ‘local ownership’ brought about by this form of decentralized administration will increase security even more. Even very large organizations with hundreds of sites across the nation log on exclusively with smart cards.
#8 - Our employees need to move around the workplace and must be able to access information and applications from different computers. Smart card logon would be too slow.
Smart cards will actually speed up logon and increase productivity. With support for session roaming and automation of processes, users need not shut off or terminate applications when leaving a workstation. By simply removing the smart card, the user closes the session and secures it against unauthorized entry. After inserting the card and entering the PIN code at a different workstation, the user can immediately resume work. The correct applications and services will start automatically. On a local machine it’s also possible to enable Fast User Switching with smart cards in Windows 7. Several users are logged on to the same machine and easily resume sessions by switching smart cards. Users love the way this simplifies their
#9 - Our IT environment is so complex that it will be impossible to integrate smart cards
Complexity is no big deal. Public key infrastructure is open and standardized. So are smart card interfaces. Microsoft, Citrix and all known platforms, applications, firewalls, etc., already support PKI-based smart card solutions.
#10 - Smart cards will only solve part of the problem because our system is so old it only works with passwords.
Smart cards can improve security and simplify work even in password-dependent systems. One excellent way is to use enterprise single sign-on software that automatically fills in passwords and regularly changes them. Neither administrators nor users need to do a thing.
