Should user authentication be considered as a part of a DR plan?
User authentication -- or lack of it -- can cause a system disruption if it grants access to an unauthorized user. As such it could become an issue in DR plans, only if it directly results in a system disruption. It is more likely to be addressed in an information security management plan.
Two-factor authentication is generally accepted as a satisfactory strategy for access management. Advanced solutions for access management, such as password management tools, keystroke monitoring systems, biometrics and voice recognition can be used, but represent an added investment that may (or may not) generate a commensurate added level of protection.
This was first published in October 2013