Understanding smart cards

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Logging on to a network with a smart card provides a strong form of authentication because it uses cryptography-based identification and proof of possession when authenticating a user to a domain.

For example, if a malicious person obtains a user's password, that person can assume the user's identity on the network simply through use of the password. Many people choose passwords they can remember easily, which makes passwords inherently weak and open to attack.

In the case of smart cards, that same malicious person would have to obtain both the user's smart card and the personal identification number (PIN) to impersonate the user. This combination is more difficult to attack because an additional layer of information is needed to impersonate a user. An additional benefit is that a smart card is locked after a small number of consecutive unsuccessful PIN inputs, making a dictionary attack against a smart card extremely difficult. (Note that a PIN does not have to be a series of numbers; it can also use other alphanumeric characters.) Smart cards are also resistant to undetected attacks because the malicious person must obtain the card itself, a loss that is relatively easy for the user to notice.
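The lockout behavior described above can be modeled in a few lines. The following is an added example, not code from this documentation or from Windows: `SimulatedCard`, `try_guess_list`, the sample PIN, and the limit of three tries are all assumptions chosen for illustration.

```python
import hmac


class CardBlocked(Exception):
    """Raised when a PIN is presented to a card that has locked itself."""


class SimulatedCard:
    # Constructed model of an on-card PIN retry counter; not a real card API.
    def __init__(self, pin: str, max_tries: int = 3):  # 3 is an assumed limit
        self._pin = pin.encode()
        self._max_tries = max_tries
        self._tries_left = max_tries

    @property
    def blocked(self) -> bool:
        return self._tries_left == 0

    def verify_pin(self, candidate: str) -> bool:
        if self.blocked:
            raise CardBlocked("card is locked")
        if hmac.compare_digest(candidate.encode(), self._pin):
            self._tries_left = self._max_tries  # success resets the counter
            return True
        self._tries_left -= 1  # each consecutive miss consumes one try
        return False


def try_guess_list(card: SimulatedCard, guesses):
    """Present guesses in order; return (guesses the card evaluated, PIN found?)."""
    evaluated = 0
    for guess in guesses:
        try:
            ok = card.verify_pin(guess)
        except CardBlocked:
            break  # the card refuses every further attempt
        evaluated += 1
        if ok:
            return evaluated, True
    return evaluated, False


if __name__ == "__main__":
    # Constructed sample data: an alphanumeric PIN and a guess list that
    # contains the right PIN, but only in fourth position.
    card = SimulatedCard("7Q4x")
    print(try_guess_list(card, ["0000", "1234", "1111", "7Q4x"]), card.blocked)
```

Because only consecutive failures count, an owner who mistypes once and then enters the correct PIN gets a full set of tries back, while a guess list is cut off after the assumed three attempts no matter how long it is.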

For more conceptual information, see Using Smart Cards.

For smart card administrative and user procedures, see Smart Card How To....