The security of authentication has two sides of responsibility: the user and the service provider. The service provider needs to build a login system that can:
1. Encrypt all password data, with an encryption that is up to date and not known to hackers or their machines. The provider must test that the encryption cannot yet be deciphered by any tool such as John the Ripper.
2. Separate the username page from the password page, and show a picture or keyword the user recognizes, to avoid phishing.
3. Hide each password character by replacing it with a star, to avoid anyone spying on the screen.
4. Educate users on how to protect their password, for example with a password policy (a combination of character types and a minimum password length, so that it is not easy for a hacker's machine to crack).
5. Get the system's security certified by an independent expert body or an ethical hacker, to verify your system's security and gain public confidence.
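Added example, not code from the original page: item 1 (protecting stored password data) and item 4 (a password policy of character combination and minimum length) together. For storage it uses a salted, deliberately slow hash (PBKDF2-HMAC-SHA256 from Python's standard library) rather than reversible encryption, which is the standard way to keep a stolen password database from being turned back into passwords; the record format, iteration count and policy rules are this example's own assumptions.

```python
# Added example (not from the original page). Password storage with a salted,
# slow hash, plus a policy check for character mix and minimum length.
# The record format and parameters below are this example's own choices.
import hashlib
import hmac
import os
from typing import List, Optional

PBKDF2_ITERATIONS = 600_000  # deliberately slow so that guessing is expensive


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a storable record 'pbkdf2_sha256$iterations$salt_hex$hash_hex'."""
    if salt is None:
        salt = os.urandom(16)  # a fresh random salt per user defeats precomputed tables
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        algo, iterations, salt_hex, hash_hex = record.split("$")
    except ValueError:
        return False  # malformed record: refuse rather than crash
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    # compare_digest avoids leaking how many leading bytes matched via timing
    return hmac.compare_digest(digest.hex(), hash_hex)


def check_password_policy(password: str, min_length: int = 12) -> List[str]:
    """Return the list of policy rules the password violates (empty if it passes)."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(not c.isalnum() for c in password):
        problems.append("no symbol")
    return problems


if __name__ == "__main__":
    record = hash_password("Str0ng-Passw0rd!")  # constructed sample password
    print(record)
    print("login ok:", verify_password("Str0ng-Passw0rd!", record))
    print("policy problems for 'abc':", check_password_policy("abc"))
```

Because the salt is random per user, hashing the same password twice yields two different records, so two users with the same password cannot be spotted by comparing stored values.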
After that, the provider must design the authentication factors (FA) it needs, depending on the business needs.
What do you know (or can easily remember)
The system authenticates a user by something that is easy for the authentic user to remember, such as a username and password entered with a keyboard, gestures or picked points on a touchscreen, or mouse-click locations in a picture. The system must protect it with encryption techniques.
Meanwhile, the password text is visually replaced with star symbols, as discussed above.
How do you have it
The system authenticates a user by something provided by the company / system provider, such as a T.A.C number, an RFID card or a cloneable transponder ID, together with a secure procedure for how you obtain it. The provider must provide a special procedure or a special machine / device to secure this authentication technique.
Who you are
The system authenticates a user by biometrics, such as fingerprint, face recognition, retina scan, DNA, and perhaps more in the future as technology grows rapidly.
Where you are
The system authenticates a user by the machine's MAC address, IP address, GPS or any other location definition.
Weakness: the attacker may fake the machine's identity, such as the MAC address or the GPS location.
When you are allowed
The system authenticates a user for a limited duration, validated against the server's time. An attacker would need to stop the server's clock to remain valid. For example, the security system may be active only outside office hours, or the password may be usable only during a specific active time window of the user; the password may be keyed in only 3 times before being blocked, or only within the allowed duration. The most famous example is the T.A.C number, which must be keyed in within 4 minutes; if not, the T.A.C is no longer valid at all.
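Added example, not code from the original page: a server-side check for a time-limited one-time code as the paragraph describes. The 4-minute lifetime and the 3-attempt limit are the values given above; the `TacService` class, its in-memory storage, the six-digit code format and the injectable clock are this example's own assumptions. The clock is the server's, so a client cannot extend validity by changing its own time.

```python
# Added example (not from the original page): a T.A.C that is valid for 4 minutes
# after issue and blocked after 3 wrong attempts. Class design, storage and
# clock injection are this example's assumptions; 4 minutes / 3 attempts are
# the values the page gives.
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

TAC_LIFETIME_SECONDS = 4 * 60
TAC_MAX_ATTEMPTS = 3


@dataclass
class IssuedTac:
    code: str
    issued_at: float   # server time at issue; never trust the client's clock
    attempts: int = 0
    used: bool = False


class TacService:
    def __init__(self, clock: Callable[[], float] = time.time):
        self._clock = clock                 # injectable so expiry is testable
        self._pending: Dict[str, IssuedTac] = {}

    def issue(self, user: str) -> str:
        """Create a fresh 6-digit code for the user, replacing any older one."""
        code = f"{secrets.randbelow(1_000_000):06d}"   # CSPRNG, not random.random
        self._pending[user] = IssuedTac(code=code, issued_at=self._clock())
        return code   # delivered out of band (SMS / voice); do not log it

    def verify(self, user: str, submitted: str) -> str:
        """Return 'ok', 'wrong', 'blocked', 'expired' or 'no_code'."""
        tac: Optional[IssuedTac] = self._pending.get(user)
        if tac is None or tac.used:
            return "no_code"                 # nothing outstanding, or already consumed
        if self._clock() - tac.issued_at > TAC_LIFETIME_SECONDS:
            del self._pending[user]          # the 4-minute window has passed
            return "expired"
        if tac.attempts >= TAC_MAX_ATTEMPTS:
            return "blocked"                 # stays blocked even for the right code
        tac.attempts += 1
        if hmac.compare_digest(tac.code, submitted):
            tac.used = True                  # single use: a replay returns 'no_code'
            return "ok"
        if tac.attempts >= TAC_MAX_ATTEMPTS:
            return "blocked"                 # third wrong guess locks this code
        return "wrong"


if __name__ == "__main__":
    svc = TacService()
    code = svc.issue("alice")                # constructed sample user
    print("wrong guess:", svc.verify("alice", "000000" if code != "000000" else "111111"))
    print("right code:", svc.verify("alice", code))
    print("replay:", svc.verify("alice", code))
```

The attempt counter lives with the code, so a guessing tool gets at most three tries per issued code, and the code is consumed on first success so that it cannot be replayed.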
Combination of authentication factors
Most systems will not use a single factor of authentication; they combine all or some of the factors to make the system more secure. For example, in online banking there is a username and a password with required characteristics, plus a picture ID or phrase ID (what you know); a T.A.C via SMS or voice phone (how do you have it); a valid duration in which to key in the T.A.C number (when you are allowed); and finally a recognized location / device from which you do the transaction (where you are), before the transaction is verified.
The more factors are combined, the more secure the system, and the more difficult it is for hackers to break in.
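Added example, not code from the original page: a policy check that combines the factor categories named above for the online-banking case. The point it shows is that factors are counted by distinct category, so a password plus a phrase ID are still only "what you know" and do not by themselves make a second factor. The category labels follow the page; the `authorize` function, its result format and the sample factor results are this example's own assumptions.

```python
# Added example (not from the original page): combining authentication factors
# by distinct category. Category names follow the page; the function and the
# sample results are this example's assumptions.
from collections import defaultdict
from typing import Dict, Iterable, List, Sequence, Tuple

KNOW = "what_you_know"
HAVE = "how_you_have_it"
ARE = "who_you_are"
WHERE = "where_you_are"
WHEN = "when_allowed"

# (factor name, category, passed)
FactorResult = Tuple[str, str, bool]


def categories_passed(results: Iterable[FactorResult]) -> Dict[str, List[str]]:
    """Group the names of passed factors by category; failed factors are dropped."""
    passed: Dict[str, List[str]] = defaultdict(list)
    for name, category, ok in results:
        if ok:
            passed[category].append(name)
    return dict(passed)


def authorize(results: Iterable[FactorResult], min_categories: int = 2,
              required: Sequence[str] = ()) -> Dict[str, object]:
    """Authorize only if enough distinct categories passed and every required one did."""
    passed = categories_passed(list(results))
    missing = [c for c in required if c not in passed]
    return {
        "authorized": len(passed) >= min_categories and not missing,
        "categories": sorted(passed),
        "missing_required": missing,
    }


# Constructed sample: the bank transaction flow from the text.
BANK_TRANSACTION_POLICY = (KNOW, HAVE, WHEN, WHERE)


def bank_transaction_example(tac_ok: bool = True, device_known: bool = True) -> Dict[str, object]:
    results = [
        ("password", KNOW, True),
        ("phrase_id", KNOW, True),
        ("tac_sms", HAVE, tac_ok),
        ("tac_within_4_minutes", WHEN, tac_ok),
        ("recognized_device", WHERE, device_known),
    ]
    return authorize(results, min_categories=2, required=BANK_TRANSACTION_POLICY)


if __name__ == "__main__":
    print(bank_transaction_example())
    print(bank_transaction_example(tac_ok=False))
    print(authorize([("password", KNOW, True), ("phrase_id", KNOW, True)]))
```

With every check passing, all four required categories are present and the transaction is authorized; if the T.A.C fails, both "how do you have it" and "when you are allowed" are missing and the transaction is refused, whatever else passed.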
So what is the user's responsibility?
1. Never use the same password for all the accounts you register.
Risk: if one of your accounts is hacked, your other accounts are at risk too.
Problem: it is not easy to remember many passwords.
2. Never log in to your important accounts, such as a bank account, via public Wi-Fi.
Risk: somebody may act as the server and spy on you.
Problem: owning your own internet connection is sometimes expensive, and coverage can be a problem.
3. Always check your software, files or URL links with virustotal.com or a current antivirus.
Risk: they may install spyware or malware in the package.
Problem: cheaper software or free offers will always be attractive and needed.
4. Never expose too much information in public.
Risk: they may use your information to carry out hacking.
Problem: Information can be gathered via
5. Always update your knowledge and skills to protect your data / password.
Risk: technology changes rapidly, and so do hackers' tricks.
Problem: do we have much time to stay alert about security?