Logical and Physical Access Control: The case for dual-factor authentication

By Dave Sweeney

With a password on each computer and a card-based access control system on the door, many businesses feel they have their bases covered when it comes to both logical and physical security.

The password for the logical access control system, which provides authorization into a computer system, they’ll argue, prevents just anyone from logging onto a computer. That holds unless the computer’s owner has a sticky note with their password attached to the screen or has shared the password with a friend; then the laptop or desktop is easily accessible by others. Likewise, the card will keep strangers out of the building. This works unless the credential is lost or stolen or passed along by a well-meaning employee to a co-worker who forgot his card.

Access works on the premise that the user presents one of two items: something they have, like a card; or something they know, such as a password.

But multiple-factor authentication takes this to the next stage, requiring credentials that address both dynamics. Until recently, this higher level of security was limited to certain upper-echelon users such as corporate executives, IT administrators or others whose information and access were considered more important. For example, a CEO may have to both present a card and punch in an access code or use his fingerprint to open the door to the executive suite. And the desktop used by the head of IT is protected by both a password and a swipe of her access card on an auxiliary reader attached to the computer.

Cost and complexity of instituting this technology have been cited in the past as reasons to restrict the use of additional safeguards to a small percentage of the corporate population, but increasingly those arguments are going by the wayside.

Security systems integrators are already installing card-based access control systems at a steady pace, so why not work with that existing credential and add a layer of logical access on top of it?

The mobility of the standard user, who takes his laptop home on the weekends or travels for business, makes having at least two-factor authentication for added logical security more significant. The same is true with protecting certain physical assets or areas such as a hospital’s drug supply closet or the records room at a financial institution. Installing systems requiring multi-factor authentication can prevent costly or even regulatory mistakes in these key areas.

Working in partnership, integrators, physical security personnel and the IT department can leverage the investment in the physical access control system into one that brings a higher level of security by tapping into the logical side as well. This is truly a case of if one is good, two is better.