Online Security & Identity Theft
Each day computer users log in to computers and websites by providing information that will positively identify them to the authenticating system. If your organization is like most, that information consists of a user ID and a matching static, reusable password or PIN code.
Unfortunately, this is also the least secure form of authentication available and the one most vulnerable to attack. Because remembering arbitrary information can be difficult, users often write passwords down or choose passwords that have some meaning to them, such as the user's birthdate, name, nickname, spouse's or pet's name, etc. and can therefore be guessed. Commonly used words can be discovered using dictionary attacks while in the case of numeric passwords, brute force attacks can discover it.
Encryption not always effective
In addition, use or transfer of this sensitive information creates security risks for several different reasons. User identifying information traveling over a network may be intercepted by unauthorized individuals who can subsequently use it to assume the user's online identity and illegally obtain access to sensitive information. The use of secure communication protocols improves security by encrypting the information being transmitted. Unfortunately many authenticating systems do not use secure protocols, leaving sensitive information vulnerable to attack.
Increasing threat of spyware
Although phishing, spoofing, pharming and other types of attacks are getting a lot of attention, one of the security issues most often mentioned by consumers is spyware, and specifically key loggers, software installed on a user's machine without knowledge or authorization that captures user IDs, passwords and other identifying information that the user types on the keyboard. This information can then be retrieved by criminals to assume the user's online identity for the purposes of fraud.
Even if the user logs in to a secure website, where communications between the user's computer and the website are encrypted, the presence of this type of software is not going to provide any security at all, as the identifying information has already been captured while it was being typed, even before it was encrypted.
Protecting information assets
In view of this growing list of online security threats, the ability of organizations to positively identify their users and protect them and the organization from identity theft, hackers, defrauders and other criminals has become an overriding concern. As a result, it has become imperative for organizations to implement and maintain effective authentication and security solutions to protect their most critical information assets.