Securing and Protecting Data

Securing and Protecting Data

Authentication

With the advances in technology, authentication has become part of our everyday lives. It has been integrated into our business lives, our personal lives, and even our social life. Whether you are scanning your ID badge at work, signing the receipt for a credit card purchase, or logging into your Facebook or E-mail accounts, authentication is used. Authentication is the act of validating your identity when requesting access to software, making credit card purchases, or entering to a secured facility. There are four types of authentication; something you know, something you have, something you are, and something you can produce (Whitman & Mattord, 2010). When a service requests two or more types of authentication, it is considered strong authentication, such as inserting an identification card and providing a password to access a computer workstation.

Something you know refers to the use of passwords, passphrases, codes or PINs. When creating a password, the user must make the decision to create a string of alphanumeric and special characters with differing cases. The longer and more complicated a password the user creates drastically reduces the risk of password cracking or brute force attacks. The same password must also be something easily remembered by the user to dissuade it from being written down and stored onsite or left at the workstation. A solution to this is creating a passphrase, a common phrase or date abbreviated and linked together with special characters to create a personal passphrase difficult to crack but easy to remember. An example of this would be a favorite television show with the day and time it airs. A common rule is to create a string at least eight character longs with at least one number and one special character; it is also good advice to use upper and lowercase letter in the password.

The something you have method requires the user to carry and use an access control item. The most common access control items are an ID card and a key. ID cards now come in two types, the dumb card and the smart card. Dumb cards use a magnetic strip that stores data, such as card number, and can validate a PIN. New smart cards have emerged and they contain a computer chip that allows more data than a PIN to be verified. Another option is a token; tokens can be synchronous or asynchronous (Whitman & Mattord, 2010).

The something you are method takes advantage if the unique characteristics of the user. Biometric authentication is used for this purpose. The biometric methods used are typically fingerprint, palm print, retina scan, or an iris scan. This authentication technique utilizes physical characteristics that do not change much and are difficult to fake. This is still an emerging technology and has many options for expansion in the future (Whitman & Mattord, 2010).

The something you produce method of authentication compares the user's voice or handwriting to provide authentication. The voice authentication compares a recorded phrase to the users' known samples. The analog sound waves are compared to confirm or deny a match. Handwriting samples are typically used today with purchases. The signature is captured and saved to be examined if a purchase needs to be verified (Whitman & Mattord, 2010).

When planning a new system it is important to plan the authentication

...