In this my second posting – I plan to dive straight into the nitty gritty of one of the MOST important issues about engaging efficiently with the Internet today. This is AUTHENTICATION.

So what is it and why is it so important ??

Something which is regarded as being ‘real’, bona-fide, true or genuine is regarded as being AUTHENTIC. In the old days when you bought a valuable item such as a work of art or jewelry you would determine its AUTHENTICITY before parting with your well earned cash. Your method of AUTHENTICATION might have been to consult an expert in the field, who used technical analysis to determine the nature of the metal ( eg Gold ) or the gem ( eg Diamond) or their expertise to compare the artifact with similar genuine ones .

You would have been defrauded if the expert you had employed was fooled by a copy or if the expert was in cahoots with the FRAUDSTER and he deliberately gave a misleading valuation thereby leaving you out of pocket by overpaying or being underpaid. Forgeries of paintings have been a thriving business for centuries.

In more recent times as commerce has become more widespread and more mainstream fraudulent activity has migrated into the shopping mall in the form of shoplifting ( by customers ) or by the theft of customers credit card details (by unscrupulous vendors). Bank fraud took place when bank employees colluded to steal money from customers and they siphoned money into their own accounts.

Today the Internet has become the worlds’ largest banking and shopping mall. Its ubiquity, utility and low cost have made it so. In order to conduct business SAFELY on the Internet we have to find ways of determining the AUTHENTICITY of the counter-party whether it be a bank or an online retailer. Similarly banks and e-retailers want to determine that the person who is coming to do business with them is in fact the real customer and not a FRAUDSTER.

With the rise in popularity of the Internet it was only natural that fraud would follow. Crime has now migrated online. Online Fraud or Cybercrime – what ever you want to call it – has become a bigger business than the illicit global drugs trade. It can be measured in $ 100m’s per year and is growing faster than any other form of crime.

The key to transacting online is the ESTABLISHMENT OF TRUST between you the user and the vendor/ bank. Both parties in the transaction want to determine whether the other is AUTHENTIC ( The real / genuine person who you say you are ie the person who originally signed up for the service).

The USER wants to know that the site he or she is visiting is the genuine online store or bank and the SITE in turn, wants to know that the user who wants to transact is indeed the customer he claims to be. Authentication takes place through the EXCHANGE of ‘CONFIDENTIAL’ information or factors. The SITE will authenticate you once you have exchanged one or more of these factors with it. What usually happens is that based upon the information you provide to the SITE – it then decides whether you are actually who you say you are and if so it allows you access to the ‘confidential “ information, to your bank account or to proceed with making a purchase on an online retail site.

The information ( or the factors ) it will ask for are generally classified into three classes :

Physical factor: Something the user has (e.g., device (PC or phone), dongle, software token,)
Knowledge or personal factor: Something the user knows (e.g., a password or PIN number)
Human or biometric factor: Something the user is or does (e.g., fingerprint or retinal pattern, signature or voice recognition or another biometric identifier).

Traditionally the most commonly used factor has been the personal factor where the user has to input a password together with a user name.

Many sites today rely on you the user registering with them and providing them with a user name (usually an email address ) and a password. Today when you log onto well known sites such as iTunes or Amazon you will be asked no more than a user name and password. On your personal settings in those sites your credit card details are stored – so that you can buy that CD or song effortlessly. !
The problem however is that these FACTORS especially in these simple instances can easily be stolen by HACKERS and they can then access your confidential information on the site and start to steal elements of your identity as well as you credit card details.

As more and more people shop and bank on the Web and socialize through sites like Facebook and MySpace – so the opportunity for HACKERS and FRAUDSTERS just increase exponentially. There are many solutions out there that provide varying degrees of security. In the next blog I will discuss some of these and particularly why many of them don’t work.

Comments

Post a Comment

Popular posts from this blog

The End of Passwords

Finally it seems … the penny has dropped.   Passwords are a poor substitute for real online security.   There is more and more ‘chatter’ about it.    Robin Henry writing in the Sunday Times on New Years Day talks of the end of ‘password hell’ invoking solutions in the pipeline from the Web Gods – Apple and Google.  The talk is of new biometric solutions such as facial and hand movement recognition.  Even IBM is talking this way.  ( http://www.forbes.com/sites/thestreet/2011/12/20/ibms-tech-predictions-for-the-next-5-years/ )  I agree with the notion that passwords are a dying breed but not that biometrics will become vogue.   They are fraught with problems of their own such as reliability, accuracy and the need for referencing of data-bases ( fail !) .    Why are passwords defunct?   Basically they are difficult to remember and they are easy to steal.    The solutions needed are those that require no cognitive load for the user ( the most unreliable participant in this enterprise
Read more

WIKILEAKS - the fuss?

Why all the fuss ? Why the ‘outrage’ at this ‘threat to national security’ ?   Are we really worried that nuclear war is going to break out because of these ‘dirty’ secrets getting out.  As if the North Koreans are going to up the ante any more than their mock charge of last week because of the abuse and scorn heaped upon them by US Diplomats.  ? !    Come on. To me the irony of this bluster is that it is (largely) from the right wing establishment in the US - calling it treason!     Any party that parades a half wit like Palin as a presidential hopeful hardly holds any moral high ground when it comes to protecting the USA.   Her appointment as the ‘leader of the free World’ will be enough to send any level headed American ( let alone any one of their Allies ) into a panicky tailspin at the thought of what she may stumble into ( by accident or design) . So how did these documents get out there?   Poor security.  Plain and simple.   If the US is so worried about this incident su
Read more

CAPITALISM – no longer fit for purpose ?

Image
The vast majority of humanity survive on a few dollars a day.    The economic boom of the last fifty years has benefited a relatively small elite. The fossil fuel driven economy has devastated the planet. Capitalism is the most efficient creator of wealth but it has been derailed and it has led to inequality and environmental degradation on a global scale. Global warming and capitalism’s favourite progeny – globalisation – has triggered social movements,   political discontent and massive migration.    There are more economic and political migrants seeking greener pastures than at any time in history. Increased Government participation in the economy both directly and through regulation is required to temper the excesses of laissez-faire capitalism. Degrowth means uncoupling the link between growth and prosperity.        Adam Smith’s ‘invisible hand’ has been the single biggest driver of the phenomenal economic growth enjoyed globally over the last two hundred years
Read more