College Finder
English flagItalian flagKorean flagChinese (Simplified) flagGerman flagFrench flagSpanish flagJapanese flagArabic flagRussian flagGreek flagDutch flagBulgarian flagCzech flagCroat flagDanish flagFinnish flagHindi flagPolish flagRumanian flagSwedish flagNorwegian flag
By N2H




Authentication methods

December 18, 2009


What you do and where you are, are important authentication methods that should be used in combination with the other three authentication methods (What you know, what you have, and who you are). This two authentication techniques are important because they increase the security of the system e.g.  Where you are restricts access to the system based on the logical location of an individual or computer thus making hacking difficult and cumbersome unless you are in that same location or terminal.  What you do restricts an individual to a particular job role thus it makes it difficult to access full information only partial data can be accessed in case of a security breach.

Also authentication methods tend to improve as new techniques come up thus these two new techniques can be seen as more secure than the previous authentication methods i.e. something you know e.g. password or PIN is easier to crack than something you have e.g. smart card which can be overcome by theft, which makes it less secure than something you are e.g.  Biometric systems like fingerprint and voice patterns. What you do  restricts a person to a particular job role thus only partial information can be accessed if there is a security breach and where you are restricts access to a system to a particular location thus it makes it harder for someone to break into the systems unless they work from the same location as the authenticated individual.

Examples of authentication methods

What you know: This authentication method utilizes passwords, maiden names, passphrase etc. e.g.  When log into your personal computer with your password then you utilize this technique.

What you have:  this method or technique utilizes something that a person has possession of e.g. a key to a lock. The key is something you have and as long as you don’t lose it or its not duplicated then you can be the only one with access. A smart card is also another example of what you have; it can be used to gain access to a building, room or systems.

Who you are: this technique involves the using physical characteristics of an individual e.g. voice recognition systems, retina pattern, hand geometry etc. an example of this technique is accessing an sensitive military installation and using the retina pattern as an authentication method for accessing the building.

What you do: this technique involves a task or a specific action that you have to accomplish, it can also be your job role. E.g. in online banking systems one can type a passphrase as a means to authenticate yourself and access the system. Also in a database system a person can log in and only have access to a particular portion of the database e.g. a purchasing agent can only access inventory data and not sales or financial data.

Where you are: This authentication technique takes into account where an individual logs in i.e. from a certain location or from a certain terminal. E.g. if the helpdesk function of AT&T is outsourced to India, then  helpdesk workstations should be allowed to access enterprise wide systems only from India and nowhere else.


Page copy protected against web site content infringement by Copyscape

Written by Anthony Kinyua · Filed Under IT Audit & Security 

Comments

2 Responses to “Authentication methods”

  1. Randy Pena on December 18th, 2009 6:27 pm

    Hi there,

    I looked over your blog and it looks really good. Do you ever do link exchanges on your blog roll? If you do, I’d like to exchange links with you.

    Let me know if you’re interested.

    Thanks..

  2. Randy Nichols on December 18th, 2009 6:29 pm

    Great Blog post. I am going to bookmark and read more often. I love the Blog template

Got something to say?





FireStats icon Powered by FireStats