Skip to main content
purple hex pattern
person using mobile device to authenticate laptop

A wide range of traditional authenticators

Entrust supports a wide range of authenticators—from hardware tokens to mobile push OTPs to offline grid cards—to align with your needs and simplify your transition from basic to high-assurance authentication. This breadth of offering helps you adapt quickly to new technologies and evolving business processes.

Frequently Asked Questions

What is authentication?

Authentication is the process of verifying the identity of a user, device, or system before granting access to applications, data, networks, and other resources. It’s your organization’s first line of cyber defense, ensuring only approved individuals can access sensitive information. Without verification, virtually any entity could infiltrate your digital environment.

Why is authentication important to cybersecurity?

Authenticators ensure only legitimate entities can access your resources, thus protecting the sensitive data they contain from attacks. Without adequate verification, cybercriminals and malicious insiders could expose sensitive information publicly, resulting in financial loss, reputational damage, and non-compliance.

Strong authentication reduces the risk of phishing attacks, credential stuffing, brute-force attempts, and other potential threats. Implementing high-assurance authentication allows you to strengthen defenses and protect digital assets from unauthorized access.

How does authentication work?

  1. Single-factor authentication (SFA): Requires one type of verification, typically a username and password.
  2. Multi-factor authentication (MFA): Requires two or more of the following verification factors:
    1. Something you are (biometrics)
    2. Something you have (smartphone, hardware, token)
    3. Something you know (password/pin)

How to choose your authentication method

Entrust can help you explore the full range of authenticators and determine the best choice for your use cases. We’ll help you answer key questions, such as:

  • Do you want authentication to be transparent to the user?
  • Would you like the user to carry a physical device or authenticate online? Do you want the website to authenticate itself to the user as well?
  • How sensitive is the protected information, and what is the associated risk?
  • Is physical access to offices, labs, or other areas part of your user requirement?

What authentication methods does Entrust provide?

  1. Biometric authentication: Uses physical characteristics like fingerprints or facial recognition to verify identity.
  2. Token-based authentication: Involves a physical or virtual token that generates a one-time code to be used alongside a password.
  3. Certificate-based authentication: Utilizes digital certificates issued by a trusted authority to verify identity.

Types of authentication methods

Transparent Authentication

Transparent authenticators validate users without requiring day-to-day involvement.

Digital Certificates

Our authentication solutions can leverage existing X.509 digital certificates issued from an Entrust managed digital certificate service or a third-party service to authenticate users. Certificates can be stored locally or on secure devices, such as smart cards and USB tokens.

IP-Geolocation

Authenticated users can register locations where they frequently access a corporate network or other key assets. Our solution compares current location data — country, region, city, ISP, latitude and longitude — to registered location data. You can then step up authentication when values don’t match. Other features include the ability to create blacklists of regions, countries or IPs based on fraud histories.

Device Authentication

You can create an encrypted profile after an authenticated user registers a frequently used computer or device. During subsequent authentication, our authentication software creates a new profile and compares it to the stored value. Step-up authentication is required only when the values don’t match.

Physical Form Factor Authentication

Physical form factors are tangible devices that users carry and use when authenticating.

One-Time Passcode Tokens

We offer two versions of the popular one-time-passcode (OTP) token. Our mini-token option is OATH-compliant and generates a secure eight-digit passcode at the press of a button. An OATH-compliant Pocket Token offers additional features, including PIN unlock prior to generating the passcode, in addition to a challenge-response mode.

Display Card

This authentication option provides the same functionality as the popular token in a credit card format. In addition to providing an OATH-compliant, one-time passcode, a display card includes a magnetic stripe and can optionally include a PKI or EMV chip for greater versatility.

Grid Authentication

Our patented grid card is a credit card-sized authenticator consisting of numbers and characters in a row-column format. Upon login, users are presented with a coordinate challenge and must respond with the information in the corresponding cells on their cards.

One-Time Passcode List

End-users are provisioned with a list of randomly generated passcodes or transaction numbers (TANs) that are typically printed on a sheet of paper and distributed to end-users. Each passcode is used just once.

Biometrics

Entrust leverages biometric fingerprint data to provide an effective balance between authentication strength and user convenience for Microsoft® Windows® login. To protect user privacy, fingerprint data is stored in a database or on an Entrust smartcard as an encrypted mathematical representation — sometimes known as a hash — and compared to the actual fingerprint provided at the time of authentication.

Non-Physical Form Factor Authentication

Non-physical form factor authentication provides methods of verifying user identities without requiring them to carry an additional physical device.

Knowledge-Based Authentication

Knowledge-based authentication challenges users to provide information an attacker is unlikely to possess. Questions presented to the user at the time of login are based on information that was supplied by the user at registration or based on previous transactions or relationships.

Out-of-Band Authentication

This method leverages an independent and pre-existing means to communicate with the user to protect against attacks that have compromised the primary channel. Our solutions support this capability by allowing the generation of one-time confirmation numbers that can be transmitted along with a transaction summary to the user. This can be done directly via email or SMS, or sent through voice to a registered phone number.

Entrust Identity Enterprise Mobile

Whether for consumer, government or enterprise environments, Entrust Identity Enterprise provides mobile security capabilities via distinct solution areas — mobile authentication, transaction verification, mobile smart credentials, and transparent authentication technology with an advanced software development kit. Supporting the use of the OATH standard for time-based OTP, as well as out-of-band transaction signatures, Entrust Identity Enterprise Mobile is one of the most convenient, easy to use and secure mobile authentication methods available today.

Mobile Smart Credentials

Eliminate the need for physical smart cards by transforming mobile devices into mobile credentials for enterprise-grade authentication. Advanced mobile smart credentials can be used with Bluetooth and near-field communication (NFC) technology for greater convenience and secure connectivity.

SMS Soft Tokens

SMS soft tokens enable the transmission of a configurable number of one-time passcodes (OTP) to a mobile device for use during authentication. Automatically replenished as needed, this dynamic soft-token approach delivers the strength of out-of-band authentication without the concern for constant network availability, delivery timing or software deployment to a mobile device.

Securing Your Largest Attack Vector: Identity

Learn more about common identity-based cyberattacks and how to protect your organization against them.

Identity Portfolio

IAM

Identity Enterprise


Discover Identity Enterprise and learn how Entrust’s identity access management solutions can protect your organization from cyber risk.
IAM

Identity Essentials


Explore Identity Essentials and how its multi-factor authentication software can protect your enterprise.

Get Entrust Identity as a Service Free for 60 Days

Explore the Identity as a Service platform that give you access to best-in-class MFA, SSO, adaptive risk-based authentication, and much more.