Home‎ > ‎Ethics‎ > ‎

Authentication

Before understanding the terms, let us try to ask ourselves these following questions:

          Have any of you ever had your authentication method hacked?  What was the outcome? 

          How many of you have had to call a help-desk due to a password related issue? Over 50 percent of help-desk calls are password related.

          When you forget your username or password, what do you do? Do you call someone?

          Where do you go to ask when your wireless network does not function properly?

          What is it that you do differently on Amazon to make customers buy your products?

          Why is iphone considered more secure than other regular phones out there?

 

     All these questions are not really linked to the terms below. But they all emphasize one main term: Security. This is one of the                            major issues in today’s technology world.

    What is Authentication?

    Whenever we go on our yahoo mail, or Gmail, or My Space, we are first asked to verify our identity. This identity is usually in                 terms of a username and a password or could be a security question for further identification. This method for verifying the user’s     identity is called Authentication

    What is Authorization?

    When we log into a computer at our work, we are given smart cards, or tokens or voice recognition certain logins and passwords     to have access to the private entry or software of a company. This process of allowing users to have access to the secure resources of a system is called Authorization.

    Both Authentication and Authorization work together. First, the user is authenticated by a secured login and then authorized to use the network provided by the system or company.

This is by far the best and most effective way to manage authentication

      Biometrics – the identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting

      Unfortunately, this method can be costly and intrusive

1. What types of technology could big retailers use to prevent identity thieves from purchasing merchandise?

    • They could use the Authentication and authorization technologies that can help the big retailers to identify if the user that logged in is the real user. The new technology such as biometrics would not allow a person to have access once it recognizes the user’s either voice or face or iris or handwriting. This piece of technology is much more accurate to identify theft since the simple logins or passwords could be stolen so easily. If the retailer notices any suspicious information on his system, he should immediately contact the customer either through email or phone to verify if it was the correct user or not.

2. What can organizations do to protect themselves from hackers looking to steal account data?

    • The man, who downloaded all the data freely by sitting outside a Best Buy Store, can do much with the social security numbers of the people he received. Identity theft has been just such a major issue. Once someone is trapped in it, it is just terribly hard to prove that you were innocent. The first step in information security is people. People should be acknowledged about the threats of using online software, how to avoid them, about phishing and pharming.
    •  The second step is technology including: Authentication and authorization
    •  Prevention and resistance - content filtering, encryption, firewalls
    • Detection and response - antivirus software

3.        What are the two primary lines of security defense and why are they important to financial institutions?

    The two primary lines of security defense are people and technology. Since banks deal with money they must offer the most advanced security features to keep their customers finances safe. According to statistics, the financial industry has the fifth highest expenditure/investment per employee for computer security. Banks without security will not last long.

4.        Explain the difference between the types of security offered by the banks in the case. Which bank would you open an account with and why?

    • Bank of America is implementing authentication and authorization technologies such as online computer identification
    • Wells Fargo & Company is implementing authentication and authorization technologies such as additional password criteria
    • E-Trade Financial Corporation is implementing authentication and authorization technologies such as Digital Security IDs
    • Barclay’s Bank is implementing prevention technologies such as online-transfer delays and account monitoring

 

Reference:

Baltzan, P., & Phillips, A. (2009). Business Driven Information Systems. New York: McGraw-Hill/Irwin.

 Links:

http://www.gpoaccess.gov/authentication/

http://httpd.apache.org/docs/1.3/howto/auth.html

Comments