One approach to enhancing security in enterprise systems and other computer systems is to add several layers of security to the system. For example, authentication of a user may be required not only when logging into the system but also when accessing each application in the system. A separate authentication is required for accessing each application.
However, even if authentication mechanisms are in place to restrict access to applications, such mechanisms often involve weak credentials. An example of weak credentials is a password that is easy to crack. Strong authentication is often required to satisfy regulation and/or to mitigate risk.
One approach is to implement password policies to enforce password strength and change frequency. However, users often forget strong passwords, and find frequent password changes inconvenient. Further, users often compromise security by writing down their passwords.
In another approach, password management systems can be implemented to generate and update random passwords automatically. However, if a user logs in from an access point where the password management system has not been implemented, then the user is locked out from accessing the desired application. Another problem with such random password management systems is that the user must obtain the latest random password. A user may not be able to obtain a synchronized password if the user is offline or if the user is otherwise unable to contact the required servers that manage the passwords. Further, such password management systems are incompatible with standalone hardware password generators because such hardware password generators are unable to discover or synchronize with the latest random passwords managed by the password management system.
In yet another approach, one-time password (OTP) generators may be used to secure access to applications. OTP generators obviate the need for users to remember the password or change the password. However, if a user is not is possession of the OTP generator, the user faces a lock out. Moreover, application servers are not typically equipped to authenticate OTP generated passwords. The application server needs to redirect the authentication procedure to a separate OTP server for authentication of the OTP generated password. However, not all applications support redirection. Further, multiple applications share the same authentication directory. To enforce OTP on the directory will require all the applications using the directory to be modified to support OTP in the front end. In addition, OTP solutions do not easily support offline login. In contrast, most applications support offline login. Offline login is a requirement for most users. Most applications support offline verification of credentials when the server is not contactable. OTP requires redirection, and therefore requires network connectivity. Thus, OTP solutions are unable to run offline.
In view of the foregoing, there is a need for a method and system for strengthening authentication credentials adapted for accommodating multi-party, multi-access points across a plurality of applications while leveraging pre-existing authentication mechanisms that are already associated with the applications.