03 February, 2014

The Art of Authentication Don't Be a Victim of Identity Theft


You don't need to be a security expert to understand that attackers too numerous to count are constantly barraging companies and users with threats targeting their information. Even worse, the attacks grow in number and sophistication every day. The result is that users and organizations spend an inordinate amount of time, money, and resources mitigating these threats. This includes implementing various forms of authentication on personal devices and corporate infrastructures to verify the right people are granted appropriate access and privileges. Here we'll review different types of authentication, means of implementation, and best practices to employ to resist any Identity Theft Attacks 

IDENTITY AUTHENTICATION 

As the phrase suggests, "identity authentication" is essentially the act of ensuring someone is who he says he is a process vital to personal and business situations for keeping unauthorized users and employees from accessing certain data, applications, networks, and other resources. Depending on the solution used, the authentication process generally requires providing one or more forms of proof of identity. Security experts and professionals often categorize these requirements into information a user knows (such as a password), something a user possesses (such as a security card), and information unique to a user (such as a fingerprint). Speaking of personal usage, think of the security "pass code" you can set up for a smartphone. Although another user might come to physically possess the smartphone via theft or loss, he would still have to enter the "pass code" to access to the smartphone's contents. In terms of business authentication, consider a password, fingerprint or security access card an employee must provide before, say, gaining entry to a data center or accessing a corporate application. Some solutions enforce two-factor authentication in which a user must provide two types of identification, such as something he possesses and something he knows; an example of this is an ATM card and a PIN. Three-factor authentication entails providing three forms of identification; in this case, a user might provide a password, a fingerprint scan, and a randomly generated code from a key fob before gaining access to a corporate application. 

PASSWORDS 

Companies have traditionally made use of usernames and passwords for employee authentication. Over the years, however, as instances of Cyber Attacks have increased dramatically and attackers have obtained scores of customer and user passwords, the appropriateness and effectiveness of username/password authentication has come into question. Sti II, many (if not most) companies continue using passwords alone for authentication purposes. Security experts say, "In theory, though it would be terrific if organizations were able to employ multi-factor authentication to access every application, that isn't practical from a cost or use case for most companies. This is particularly true for smaller organizations." In many cases, a strong password might be sufficient. The issue, however, is that companies often implement password policy and management poorly. We have to agree that implementing two-factor or multi-factor authentication for every situation would be ideal, but it isn't always practical. Companies should definitely consider two-factor authentication, though, if they allow employees to work remotely or use personal devices to access corporate resources. 

MOBILE DEVICES 

A mobile device can actually serve as a second authenticating factor. If a company doesn't allow remote workers, then Ds and passwords might be satisfactory for employees who have limited access to sensitive data and corporate resources. Overall, if employees are using remote connectivity tools, Cloud services, or mobile devices, IDs and passwords offer only basic security. Enterprises should implement either two- or multi-factor authentication or set privilege levels for different employees. Many companies continue to use usernames and passwords solely because they're the status quo, according to trade analysts. Still, according to a recent Quocirca Survey, 70% of enterprise organizations asked responded that it was either "true" or "somewhat true" that they no longer relied exclusively on username/password combinations. It is sometimes unclear whether it's best for enterprises to require two- or three-factor authentication. For any application or asset where the data associated with it is deemed critical, confidential, or even sensitive, multi-factor authentication might be the best route. Other authentication options include the use of tokens (e.g.„ via USB key fobs) and bio-metrics (in the form of face, voice, iris, or fingerprint recognition systems). 

Alternatives

There are any number of alternatives to traditional IDs and passwords that might, in the appropriate case, be the way to go for an organization and an application, but some of these may be better used as a supplement (such as bio metrics or query-based access methods.)

SINGLE SIGN-ON 

Another possibility is to use single sign on (SSO). For small and mid sized businesses specifically, bio-metrics (which is often integrated into devices) along with SSO can serve as a viable option. SSO essentially enables a user to access multiple applications and systems through a single pass of user authentication and authorization. In other words, one login and password action is required. SSO solves a big problem common to all forms of strong authentication: it isn't easy to implement strong authentication for every different application. Increasingly, SSO can be used for on-demand (Cloud-based) applications, as well as in-house ones. The chief drawback of SSO is that if one user credential is compromised, the perpetrator then gains access to multiple systems. Additionally, if the SSO system becomes unavailable for some reason, users are locked out of all the systems and applications that SSO is managing. 

THE RIGHT OPTION 

Among newer technology fields currently proving more influential to companies' approaches to authentication and security are big data, social networking, and mobility. And within the mobility category, there is the "bring your own device" (BYOD) trend. 

Unfortunately, as large of a potential impact as something like BYOD could have on an organization's security posture, most businesses don't seem to be focusing enough of their attention on how to address security issues strategically and tactically. Some forward-looking and compliance-driven businesses are making identity and access management a priority in the face of all of these factors but unfortunately, most are still too reactive. It will probably take a significant security breach to focus their attention on the issue. As far as choosing the right protection for the company is concerned, the following factors ought to be considered: trade-offs between productivity and convenience for end users; security and risk of the resources being accessed; and total cost (acquisition, integration, deployment and management over time). The reason so many companies still exist and are being tasked with solving password problems is because of this age-old trade-oft When choosing the right protection, it is necessary to weigh the value of the asset depth of expertise, cost of the solution, and end user buy-in. If the solution is too obtrusive, it is going to be more of a hindrance than a help. We should also stress that choosing the right authentication solution isn't just about protecting the application being accessed, but who is accessing it. 

QUICK FACTS 

  • It is reported that every 3 seconds, a new victim falls under Identity Theft 
  • 3 out of 5 victims of Identity Theft did not know the source of their funds 
  • In 2012 more than 12 Million people were victims of Identity Theft 

Muhammad Shoaib have a good experience in the field of Blogging since decade. If you are a new blogger who just starts your blogging career then www.shoaibonline.com is the perfect place to learn about blogging.


EmoticonEmoticon