When you choose login with smart cards, security is built in three steps. That is why a smart card-based security solution is the strongest alternative for secure and easy login.
Security with smart cards is based on the PKI security standard and uses certificates to identify all users when they log in.
Certificates can be stored as files directly on the user’s computer, as file-based certificates. The problem is that the certificate then remains at the workstation and is available through the network when the user leaves, which carries a risk for, e.g., spoofing and theft. By instead storing certificates on a smart card, the user can easily take their certificate with them when they leave their workstation. The certificate becomes less accessible and security is improved.
To log in and authenticate themselves in the IT environment, the user needs to be able to present information that is stored in the certificate on their personal smart card, and enter their personal PIN code. The combination of something the user has and something the user knows provides two-factor authentication.
Traditional password management is based only on the user providing the correct password, that is, single-factor authentication, which makes this method much weaker.
Once authentication has been verified, an encrypted tunnel is established between the client and the server. All communication is sent through the tunnel, which makes it completely protected from unauthorized persons, who cannot “listen in” on the connection. This also minimizes the risk of information phishing and man-in-the-middle intrusion.