Setting up a global authentication policy isn't as challenging as it sounds. User IDs and passwords may come from different languages, but, in the end, they're still different flavors of the same authentication credentials.
The problem with unifying authentication policies around the globe is more of an infrastructure and architecture issue than one of authentication systems. Enterprise authentication systems, by and large, are pretty much the same everywhere, and can scale up to hundreds of thousands of users. In addition, many have support for internationalization and can handle everything from Roman characters for English and European languages to Middle Eastern languages like Hebrew and Arabic -- which are read from right to left -- to Asian languages made up of thousands of characters. Unicode, a universal coding system to uniquely represent any letter or character in any language, makes it possible.
Unicode is an industry standard accepted by the major manufacturers of IT products, such as Microsoft, Sun, Apple, Hewlett Packard and Oracle, and is a part of most key programming languages underpinning authentication systems, such as Java and .NET. The two main authentication directory services -- Active Directory (AD) and lightweight directory access protocol (LDAP) -- both work with Unicode.
Authentication systems using Unicode can adapt login screens and management consoles immediately to the locale of the user. The logon screen will translate and display perfectly with all letters, characters and other diacritical marks in the local language.
The prob
To continue reading for free, register below or login
To read more you must become a member of SearchFinancialSecurity.com
lem is knitting together different authentication systems -- sometimes at different levels of technology -- on different platforms.
Here are some best practices to integrate authentication policies around the globe:
Where things gets sticky is in secondary authentication systems used to beef up user IDs and passwords. An example is security questions used to reset passwords. The classic mother's maiden name question doesn't work in Latin America or the Middle East, where many people have two or more last names. The question about the user's high school can be confusing in China and Europe, where the secondary school system is different than its U.S. counterpart. And questions about pet names mystify people in countries where animals are only used for farming and aren't allowed in the house.
If adopting a global set of security questions is a problem, either don't use them, or let each country or region choose its own. This issue aside, with built in internationalization support in existing directory services, your global authentication policy enforcement can parallel your domestic policy.
About the author:
Joel Dubin, CISSP, is an independent computer security consultant and speaks six languages, including two with non-Western alphabets (Hebrew and Arabic). He is a Microsoft MVP, specializing in Web and application security, and is the author of The Little Black Book of Computer Security, available from Amazon.com. He has a regular radio show on computer security on WIIT in Chicago and runs The IT Security Guy blog at www.theitsecurityguy.com.
