Thursday, 16 April 2020

Factors of Authentication

The security of authentication has two sides of responsibility: the user and the service provider. The service provider needs to build a login system that can:

1. Encrypt all password data, using up-to-date encryption that is not known to attackers or their tools. The provider must test that the encrypted passwords cannot yet be recovered by cracking tools such as John the Ripper.
2. Separate the username page from the password page, and use a picture or keyword, to make phishing harder.
3. Hide each typed password character by replacing it with a star, to prevent spying.
4. Educate users on how to protect their passwords, for example with a password policy (a combination of character types and a minimum password length, so that it is not easy for a cracking machine to break).
5. Have the system's security certified by an independent expert body or ethical hacker, to verify it and gain public confidence.


After that, the provider must decide which authentication factors (FAs) the system needs, depending on the business requirements.

What you know (or can easily remember)

The system authenticates the user by something that is easy for the genuine user to remember, such as a username and password typed on a keyboard, gestures or picked points on a touchscreen, or mouse-click locations in a picture. The system must protect it with encryption techniques.

On screen, the typed password is shown as star symbols, as discussed above.

Weakness: The attacker needs to guess it, studying the user through active and passive reconnaissance to find the password, gesture or location points the user is likely to choose. Some brute-force software uses a server-side library of common passwords, or tries possible password combinations after footprinting the victim, using tools such as John the Ripper.

What you have (and how you got it)

The system authenticates the user by something provided by the company or system provider, such as a TAC number, an RFID card or cloneable transponder ID technology, together with a secure procedure for how you obtain it. The provider must supply a special procedure or a special machine/device to secure this authentication technique.

Weakness: The attacker may copy and clone the ID card number by building the same machine, or clone the phone SIM number that also receives the TAC number, which, as an example, must arrive via a recognised and registered phone number.

Who you are

The system authenticates the user by biometrics such as fingerprint, face recognition, retina scan, DNA, and perhaps more in future as technology grows rapidly.

Weakness: The attacker may copy and clone the biometric ID using silicone and rubber technology, or even a high-quality image or audio recording that can fool the recognition device.

Where you are

The system authenticates the user by the machine's MAC address, IP address, GPS position or any other location definition.

Weakness: The attacker may fake the machine identity, such as the MAC address or GPS location.


When you are allowed

The system authenticates the user by a validity period set by the server's time source. The attacker would need to stop the server clock to remain valid. For example, the security system may only be active outside office hours, or the password may only be usable during a specific active period of the user. The password may be keyed in only 3 times before it is blocked, or only within the allowed duration. The most famous example is the TAC number, which must be keyed in within 4 minutes; otherwise the TAC is no longer valid.

Weakness: The attacker may interfere with a fake clock server.

Combination of Authentication Factors

Most systems will not use a single factor of authentication; they combine all or some of the factors to make it more secure. For example, in online banking there is a username and password with a picture ID or phrase ID (what you know), a TAC via SMS or voice call (what you have), a validity period in which to key in the TAC number (when you are allowed), and finally a recognised location or device from which you make the transaction (where you are), before the transaction is verified.

The more factors are combined, the more secure the system and the more difficult it is for hackers to break in.
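As an added example (not code from the original post), here is a small Python model of the online-banking login described above: a password check (what you know), a single-use TAC that is only valid for 4 minutes (what you have, when you are allowed), a block after 3 failed tries, and a registered-device check (where you are). The account, device IDs and time values are constructed for the example.

```python
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass
from typing import Optional, Set

TAC_VALID_SECONDS = 4 * 60  # TAC must be keyed in within 4 minutes (as in the post)
MAX_ATTEMPTS = 3            # 3 failed logins and the account is blocked (as in the post)


def hash_password(password: str, salt: Optional[bytes] = None):
    """Salted PBKDF2 hash: the stored form of the 'what you know' factor."""
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    known_devices: Set[str]     # 'where you are': devices the user has registered
    tac: Optional[str] = None   # live one-time code; None once used or never issued
    tac_issued: float = 0.0     # server time at which the TAC was sent
    attempts: int = 0           # consecutive failed logins


def issue_tac(acct: Account, now: float) -> str:
    """Server generates a 6-digit TAC and sends it out of band (SMS or voice call)."""
    acct.tac = f"{secrets.randbelow(10**6):06d}"
    acct.tac_issued = now
    return acct.tac


def login(acct: Account, password: str, tac: str, device_id: str, now: float) -> str:
    """Combine the factors; every factor is evaluated before any decision is made."""
    if acct.attempts >= MAX_ATTEMPTS:
        return "blocked"                 # 'when you are allowed': locked out
    if acct.tac is None or now - acct.tac_issued > TAC_VALID_SECONDS:
        return "tac_expired"             # no live code: the user must request a new one
    _, h = hash_password(password, acct.salt)
    pw_ok = hmac.compare_digest(h, acct.pw_hash)                    # what you know
    tac_ok = hmac.compare_digest(tac.encode(), acct.tac.encode())   # what you have
    device_ok = device_id in acct.known_devices                     # where you are
    if pw_ok and tac_ok and device_ok:
        acct.attempts = 0
        acct.tac = None                  # burn the code so it cannot be replayed
        return "ok"
    acct.attempts += 1                   # one generic answer: never say which factor failed
    return "blocked" if acct.attempts >= MAX_ATTEMPTS else "denied"
```

The single "denied" result for any failed factor is deliberate: telling the caller which factor was wrong would let a guesser confirm the password separately from the TAC or device.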



So what is the user's responsibility?


1. Never use the same password for all the accounts you register.
Risk: if one of your accounts is hacked, your other accounts are at risk too.
Problem: it is not easy to remember many passwords.

2. Never log in to important accounts, such as your bank account, via public Wi-Fi.
Risk: somebody may act as the server and spy on you.
Problem: owning your own internet connection is sometimes expensive, and coverage can be a problem.

3. Always check software, files or URL links with virustotal.com or an up-to-date antivirus.
Risk: spyware or malware may have been installed into the package.
Problem: cheaper software or free offers will always be attractive and needed.

4. Never expose too much information in public.
Risk: your information may be used for hacking.
Problem: Information can be gathered via

5. Always update your knowledge and skills to protect your data and passwords.
Risk: technology changes rapidly, and so do the hackers' tricks.
Problem: do we have enough time to stay alert about security?


