With continuous growth in the number of cyber-attacks, user authentication has become one of the most important aspects of information security. User authentication is accomplished through passwords that a user enters in order to prove his identity and gain access to a computer or communication system. Traditionally, text-based passwords are used for authentication. However, text passwords are highly vulnerable and are an easy target for hackers. Thus, modern authentication techniques based on graphical methods are now being used to combat hacking practices.
Graphical user authentication is an attractive alternative to alphanumeric passwords. To set up a password, the user has to select an image at each of a series of screens. The images are presented in a graphical user interface. As a large number of pictures are presented at every screen, the number of possible combinations of images is extensive. This offers better resistance to dictionary attacks than the text-based password approach. Also, the graphical password approach is considered to be more user friendly than a text-based password.
Due to the advantages that graphical passwords offer, there is a growing usage of these in workstations and web log-in applications. Graphical passwords are also being applied to ATM machines and mobile devices.
Categories of graphical password techniques are:
- Recognition Based System: In this technique, the user is presented with a set of images and is challenged to identify one or more images that were selected during the registration stage. The user has to identify the pre-selected images in order to be authenticated. Such recognition systems are also called search metric systems. To use graphical recognition schemes, the system is required to retain some information from user-specific profile data. This helps the system to know which images belong to a user’s portfolio and display them at the time of login authentication.
- Recall Based System: In recall-based techniques, the user is required to create a drawing to set up the password. Recall-based passwords are typically drawn on a blank canvas or a grid. At the time of login, the user has to reproduce the drawing that he created during the registration process. These systems are referred to as draw metric systems because user authentication is based on using the drawn image as a reference.
Following are some points that should be considered before implementing a graphical password:
- The password contains an image as a reference and an encryption algorithm.
- The login contains the username, images, graphical password and related methods.
- SSR shield for shoulder surfing.
- The grids contain unique grid values and grid clicking related methods.
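The multi-screen image selection described above can be sketched as follows. This is an added example, not code from the original article: the screen count, images per screen, lockout threshold and the function names are assumptions, and the choice to store only a salted, stretched digest of the selected image indexes is one possible design.

```python
import hashlib
import hmac
import math
import os

# Assumed parameters (not from the article): 5 screens, 36 images on each.
SCREENS = 5
IMAGES_PER_SCREEN = 36
MAX_FAILURES = 3  # assumed lockout threshold


def password_space_bits(screens=SCREENS, images=IMAGES_PER_SCREEN):
    """Size of the theoretical password space, in bits."""
    return screens * math.log2(images)


def _valid(choices):
    return (len(choices) == SCREENS and
            all(isinstance(c, int) and 0 <= c < IMAGES_PER_SCREEN for c in choices))


def _derive(choices, salt):
    # Encode the ordered image indexes unambiguously, then stretch them.
    encoded = ",".join(map(str, choices)).encode()
    return hashlib.pbkdf2_hmac("sha256", encoded, salt, 100_000)


def enroll(choices):
    """Registration: keep only a salt and a digest, never the image indexes."""
    if not _valid(choices):
        raise ValueError("one image index per screen is required")
    salt = os.urandom(16)
    return {"salt": salt, "digest": _derive(choices, salt), "failures": 0}


def verify(record, attempt):
    """Login: constant-time comparison plus a failure counter."""
    if record["failures"] >= MAX_FAILURES:
        return False  # locked: the space is small enough to guess online
    ok = _valid(attempt) and hmac.compare_digest(
        record["digest"], _derive(attempt, record["salt"]))
    record["failures"] = 0 if ok else record["failures"] + 1
    return ok
```

With these assumed parameters `password_space_bits()` is about 25.8 bits, so the number of screens and images per screen, together with the failure limit, determines how well the scheme resists guessing.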
For more information on graphical user authentication, call Centex Technologies at (254) 213 – 4740.
Card skimmers are used to capture details stored in a credit or debit card’s magnetic strip. They are generally attached to the card readers at sales terminals or ATM machines. When a customer slips his card into the compromised machine to make a financial transaction, these devices capture and store the card’s information.
The threats of card skimming are evolving, and banks and ATM manufacturers are devising ways to prevent this method of counterfeiting. Here are some points you should consider to secure yourself from card skimmers:
- Check For Tampering: Before using an ATM, check for some obvious signs of tampering at the card reader spot, keyboard, near the speakers, at the side of the screen and other nearby spots. If anything looks different in terms of alignment or color, avoid using that ATM. Card skimmers may also be installed at ATMs or sales terminals of gas stations and shops. To detect a card skimming device, check if the credit card reader is protruding outside the rest of the machine.
- Other Ways To Spot The Card Skimmers: If any part of a card reader is loose or moved, it can be a sign that the card reader has been tampered with. Also, scan the area for hidden cameras that may be recording you while you enter your PIN. It is always advised to cover your hand while you type the PIN. The keyboard and the card reader should always match the color and style of the rest of the machine. Broken or dented panels and a broken security seal are obvious signs of tampering.
- Use The Right Type Of Card: Banks are nowadays issuing credit/debit cards with an indented chip. This is because the chip technology, in contrast to the magnetic strip, makes it harder for thieves to skim your data. But thieves can still steal your credit card information using shimmers. Shimmers are paper-thin and undetectable models of card skimmers. These are more complex devices and have their own chips which can intercept the card’s information.
- Think Through Your Steps: The ATMs inside the bank are generally safer because of security cameras installed on the premises. Also, users should prefer alternative payment methods like transactions through Apple Pay, Android Pay, etc. These services tokenize your information and are much safer than using your actual credit card. In any case, if your card data does get stolen, report the theft to the bank as early as possible. Keeping an eye on your debit and credit card transactions is a great way of spotting unauthorized activity at the earliest.
For more information about IT security and methods to safeguard your financial information, call Centex Technologies at (254) 213 – 4740.