Home > Articles > Home & Office Computing > Microsoft Windows Desktop

Using Smartcards in Windows Server 2003/XP

  • Print
  • + Share This
  • 💬 Discuss
Worried about password authentication security on your Microsoft Windows network? With Windows Server 2003 and Windows XP, you can get smart cards working for you faster than ever before.

In the movie War Games, the main character cracks the password of his high school's computer system. And he doesn't use a password-cracking program to do it. He simply looks for a piece of paper that contains a password list—and finds it taped to the bottom of a desk drawer in the school's office.

How can you keep people from writing passwords on a piece of paper taped to their workstations? Instead of using passwords for authentication, consider implementing smartcards. A smartcard is a device the size of a credit card, with a security chip that can be used for logon authentication, remote access, entry-control systems, and more (see Figure 1).

Figure 1

Figure 1 For something the size of a credit card, a smartcard packs a wallop of security.

When you use a smartcard, you get a two-factor authentication system:

  • Users must have the smartcard to log onto the computer.

  • Smartcards typically require a personal identification number (PIN).

The typical analogy for smartcard usage is the automated teller machine (ATM) card. You insert the card into the reader and enter a PIN to gain access to your account. As long as you don't write your PIN on the card, you need both items—the PIN and the card—to access the account. That's a valuable level of security.

NOTE

Smartcards are just the beginning. Some manufacturers add biometric authentication to smartcard authentication, creating three-factor authentication. For example, a thumbprint scanner, smartcard, and PIN might be required to access a system.

Your Equipment Shopping List

Let's assume that you're fed up with passwords and you're ready to buy into smartcards and PINs for your Windows Server 2003 or Windows XP system. What stands between you and smartcard authentication bliss?

The obvious first step is to acquire smartcards and smartcard readers. The Microsoft Web site has a list of smartcard readers that are compatible with Windows Server 2003 and Windows XP.

A wide variety of smartcard readers are available these days, using USB, RS-232, and PC-Card standards. I've found smartcard readers that support Windows Server 2003/XP at retail prices of $20 to $40 each. Each smartcard typically costs $5–16. Of course, discounts are available if you look hard enough, buy in bulk, and negotiate well. Several computer and motherboard manufacturers are even building smartcard readers into their products; you might investigate this option when buying new equipment.

Selecting a single smartcard type and manufacturer for your systems makes administration and implementation easier. You'll see why later in this article.

  • + Share This
  • 🔖 Save To Your Account

Discussions

comments powered by Disqus