jump to navigation

Identity Theft-Authentication September 29, 2013

Posted by Marybeth in Security.
trackback

Identity theft is still a major problem on the internet. Several methods have been developed to improve the “strength” of an authentication system in preventing the identity-theft attacks. Multi-factor authentication is a method used for authentication which requires the presentation of two or more of the three authentication factors: a knowledge factor (“something only the user knows”), a possession factor (“something only the user has”), and an inheritance factor (“something only the user is”). Knowledge-based authentication (KBA) is typically used as an extension to an existing password authentication. A question is asked that allows the users to prove that the claimed identity belongs to them. KBA is also used as an identity-verification method for self-service password-reset processes. Many companies (credit card, online retail sites, online banking) use the challenge-response method for users to prove their identity. Some sample questions include:
1. Name of your favorite pet?
2. Name of your high school mascot?
3. What city were you born in?
4. Name of your favorite movie?
At one time, these types of questions could have been considered “something only the user knows”. In today’s world of social media, many people have the answers to knowledge based questions posted on their Facebook page. Knowledge factors are one of the most commonly used forms of authentication. Should people be careful about what type of personal information is posted on their social network page? It is a challenge not to post photos of your favorite pet and/or post about a favorite movie etc., but it is important to keep the questions you use to verify your identity as private. How many people do this, though? What about the people, added as friends, who later turn out to be fraudulent? Identity theft is still growing strong on the internet and is prospering due to the inattention of social media users.
References:
http://en.wikipedia.org/wiki/Two-factor_authentication
http://msdn.microsoft.com/en-us/library/cc838351.aspx

Advertisements

Comments»

No comments yet — be the first.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: