Robert DOELL's profile
If you appreciated this user's contributions, you can grant him a small donation.
Tags
Resources
Security: Best Methods for Authenticating Users
Digital Certificates are little files that are distributed by a PKI framework and they reside on your laptop/computer or some sort of token; this is probably the easiest strong authentication for the user but the hardest to manage - there is a lot of extensibility for the enterprise by choosing this method
Security: Best Methods for Authenticating Users
Similar to tokens, and one step up from a magstripe on credit cards, smart cards have a chip that can hold digital certificates and other information. They are a popular method for logging into community workstations and for implementing SSO (Single Sign On)
Security: Best Methods for Authenticating Users
SecureID is probably the most tried and true method of two-factor (strong) authentication. It is a token that you carry that displays a synchronized number that you must enter as an additional password. Some tokens also require an additional PIN in order to use.
Security: Best Methods for Authenticating Users
A transformation of the token into a USB key. This method allows integration of the authentication hardware directly with the application.
Security: Best Methods for Authenticating Users
The most popular and in-use form of user authentication. Combined with another form of authentication can be very secure; today, when used alone it is not very secure.
Security: Best Methods for Authenticating Users
An innovative way of authentication that deals with the users memory of clickable 'key points' in an image. (the link is good for the origination, but I ran across a demo that used an image of a street in Amsterdam; if you know the url, please comment)
Security: Best Methods for Authenticating Users
You've seen these before: What city were you born in? What is your pets name? and What is your mother's maiden name? -- probably the 3 most common challenge-response questions in use today, and probably the most widely used for social engineering and identity theft.
Security: Best Methods for Authenticating Users
I noticed this method of authentication widely used during the BBS days; once again it is a viable method of increasing the difficulty of impersonating or using someones credentials by attempting to contact the person at their registered location or device (cellphone)
Security: Best Methods for Authenticating Users
When people hear biometrics, this is what they think of.
Security: Best Methods for Authenticating Users
Another way of measuring a feature on a human and comparing it to a record, made popular by sci-fi, most noteably the films Blade Runner, and more recently Minority Report.
Security: Best Methods for Authenticating Users
When comparing a scan to a database it takes time so it is advisable to make the scanned data as small/simple as possible so that the search can be done faster. Biometrics used in high traffic entry points requires very minimal time to perform, with minimal errors in order to be acceptable; all these are reasons for using this method.
Security: Best Methods for Authenticating Users
Another method for authentication that deals with measuring the duration and speed of keystrokes when typing a phrase.
Security: Best Methods for Authenticating Users
You've probably seen the rudementary method of recording your signature at Point-of-sale machines when making a credit card purchase. That data is only used as a record of the transaction; if it were compared to your real signature electronically it would be the proper method of this type of authentication. (no, the clerk comparing your card's signature isn't viable)
Security: Best Methods for Authenticating Users
Lot's of references to this on the 'net but no meat yet. It is coming but don't expect to see it today unless your dealing with forensics.
Security: Best Methods for Authenticating Users
'My Voice Is My Password' another method, not very practical in the future however.
