Frequently, access to applications is protected by weak authentication credentials. For example, users often use simple passwords that are easy to crack. Enterprises need strong authentication credentials to protect access to their enterprise application system for several reasons, such as regulatory compliance, risk mitigation and raising the level of identity assurance. In one approach, in order to raise the level of identity assurance, enterprises implement two-factor authentication, which combines a password with an authentication token. Such two-factor authentication leverages what the user possesses (the authentication token) and what the user knows (the password).
Authentication tokens are special-purpose devices that are built for the specific purpose of user identification in the context of authentication. Authentication tokens can be smart cards, one-time password (OTP) devices, and proximity cards.
Smart cards provide a public/private key pair that can be used for authentication. OTP devices dynamically generate a unique code for use as a dynamic password for user authentication. Proximity cards are access cards that provide an RFID that uniquely identifies a given access card.
One problem with using special-purpose authentication devices like smart cards, OTP devices, and proximity cards is that such devices are expensive to deploy. Enterprises need to provision all their users with such special-purpose devices. Further, each special-purpose authentication device needs to be registered and replaced when damaged or lost.
Special-purpose authentication devices are also inconvenient to use. A given user may be required to carry multiple special-purpose authentication devices, as each application provider may require a different token for authenticating to applications in the provider's system.
In view of the foregoing, there is a need for a method and system for strengthening authentication credentials without the high cost and inconvenience of special-purpose authentication devices.