Monday, October 26, 2009

Hardware Authentication

There has been some interest lately in the idea of hardware authentication. This involves the use of software that identifies a particular computer by such means as the serial number of its hard drive or other components, the bad sectors on the drive and even the major applications installed. The idea is to reduce the need for passwords for authentication.

The fundamental problem with hardware-based authentication is that it is based on identification of a particular computer and not a particular user. There are situations when users are separated from the computers they normally use, and this would mean that someone else who has access to their computer could log into their services. It would also mean that if they are on another computer, they could not log into their own services. This would apply whether or not the computer has been stolen.

The idea is fundamentally flawed; however, there might be some usefulness in it as a supplement to passwords, particularly where extra tight security is warranted. The banks use some of this now, thus the occasional question when logging into online banking asking whether this is the computer you normally use. There are situations where hardware authentication could actually strengthen security, but not where it substitutes for passwords. Technology Review has a write-up on this issue.
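The supplementary use described above, as an added example (not code from this post or from any bank or product): the password is always required, and the machine's fingerprint only decides whether an extra challenge is asked. The attribute names, the `Account` class and the three outcomes are assumptions made for illustration.

```python
import hashlib
import hmac
import os

SERVER_KEY = os.urandom(32)  # per-deployment secret, constructed for this example


def device_id(attrs: dict) -> str:
    """Keyed digest over the hardware/software attributes the post lists."""
    canonical = "\n".join(f"{k}={attrs[k]}" for k in sorted(attrs)).encode()
    return hmac.new(SERVER_KEY, canonical, hashlib.sha256).hexdigest()


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Account:
    def __init__(self, password: str):
        self.salt = os.urandom(16)
        self.pw_hash = hash_password(password, self.salt)
        self.known_devices = set()

    def login(self, password, attrs: dict) -> str:
        """Return 'deny', 'challenge' or 'allow'."""
        # The password is always required: a recognized machine shows which
        # computer is in use, not who is sitting at it.
        if password is None or not hmac.compare_digest(
                hash_password(password, self.salt), self.pw_hash):
            return "deny"
        # Correct password from an unfamiliar machine: ask for more proof
        # (the bank-style "is this the computer you normally use?" step).
        if device_id(attrs) not in self.known_devices:
            return "challenge"
        return "allow"

    def enroll(self, attrs: dict) -> None:
        """Call only after the extra challenge has been passed."""
        self.known_devices.add(device_id(attrs))


# Constructed sample attributes, not real hardware data.
HOME_PC = {"disk_serial": "EXAMPLE-0001", "bad_sectors": "12,907", "apps": "office,browser"}
LIBRARY_PC = {"disk_serial": "EXAMPLE-0002", "bad_sectors": "", "apps": "browser"}
```

With this arrangement, someone sitting at the user's own computer still needs the password, and the user on another computer is challenged rather than locked out.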

