The pros and cons of PKI and two-factor authentication methods

Ask the Expert

We are putting together a system that will permit remote users to make financial transactions over a Web interface. We are concerned about user authentication and identity validation. We are considering using PKI or two-factor authentication to ensure legitimate users initiate the transactions. Although these two methods are not exclusive, taking into account deployment and management issues, what would be the pros and cons of each?

Using PKI (Public Key Infrastructure) for Web authentication is overkill. The expense of setting it up and maintaining the architecture outweighs the cost of using already available two-factor authentication systems. Also, PKI isn't as widely used as traditional two-factor systems, such as one-time password (OTP) tokens and smart cards, so scalability and interoperability could become an issue as your needs grow.

If you're a financial institution, you most likely have to comply with the recent Federal Financial Institutions Examination Council (FFIEC) guidance, which recommends two-factor authentication for all Internet- or Web-based banking, as well as multi-layered defenses. These defenses include fraud detection systems, which aren't true authentication systems but can provide the same protection by blocking malicious access to systems. Unlike authentication systems that verify the user, these products watch for patterns of transactions and block suspicious activity that falls outside the user's normal patterns.

However, these systems, and their two-factor cousins, have advantages over PKI. They also have an established track record, are easier and cheaper to deploy and set up, and are more widely used than PKI.
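The fraud detection approach described above, checking each transaction against the user's own normal pattern, can be sketched as follows. This is an added example, not code from the article or from any fraud detection product; the features (amount, payee, hour of day), the thresholds and the "review" outcome for users with no baseline are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from statistics import median

@dataclass(frozen=True)
class Txn:
    amount: float
    payee: str
    hour: int  # hour of day, 0-23

MIN_HISTORY = 5  # assumed: below this there is no baseline to compare with
BLOCK_SCORE = 2  # assumed: two independent deviations block the transfer

def amount_deviation(amount, past_amounts):
    """Distance above the user's median amount, in robust (MAD) units."""
    med = median(past_amounts)
    mad = median(abs(a - med) for a in past_amounts)
    scale = max(1.4826 * mad, 0.1 * med, 1.0)  # floor avoids divide-by-zero
    return (amount - med) / scale

def hour_is_unusual(hour, past_hours, window=2):
    """True if no past transaction is within `window` hours (wraps midnight)."""
    return all(min((hour - h) % 24, (h - hour) % 24) > window for h in past_hours)

def assess(txn, history):
    """Return (decision, reasons) for txn judged against this user's history."""
    if len(history) < MIN_HISTORY:
        return "review", ["no baseline yet"]
    reasons = []
    if amount_deviation(txn.amount, [t.amount for t in history]) > 6:
        reasons.append("amount far above normal")
    if txn.payee not in {t.payee for t in history}:
        reasons.append("new payee")
    if hour_is_unusual(txn.hour, [t.hour for t in history]):
        reasons.append("unusual hour")
    decision = "block" if len(reasons) >= BLOCK_SCORE else "allow"
    return decision, reasons

# Constructed sample history for one user (not real data).
HISTORY = [Txn(120.0, "landlord", 9), Txn(45.5, "utility", 10),
           Txn(80.0, "utility", 18), Txn(130.0, "landlord", 9),
           Txn(60.0, "grocer", 19), Txn(95.0, "grocer", 12)]

if __name__ == "__main__":
    for t in (Txn(110.0, "landlord", 10), Txn(9500.0, "acct-unknown", 3),
              Txn(70.0, "new-shop", 13)):
        print(t, assess(t, HISTORY))
```

Requiring two deviations before blocking keeps a single harmless change, such as one new payee, from locking out a legitimate user.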

This was first published in May 2006.