Cloud, Digital, SaaS, Enterprise 2.0, Enterprise Software, CIO, Social Media, Mobility, Trends, Markets, Thoughts, Technologies, Outsourcing


Contact Me:

Linkedin Facebook Twitter Google Profile


wwwThis Blog
Google Book Search



  • Creative Commons License
  • This page is powered by Blogger. Isn't yours?
Enter your email address below to subscribe to this Blog !

powered by Bloglet


Friday, March 11, 2005

Identity Thefts And Emerging Solutions

To combat phishing, companies are augmenting passwords with new web safeguards to keep your personal info protected writes, Stephen Wildstorm in Businesweek. Excerpts with edits and my comments added:

Unlike virus attacks, in a typical phishing attack, thieves send mass e-mails supposedly from reputable businesses, directing customers to a site where they are asked to divulge vital information, such as passwords, bank account numbers or credit card information., Phishing is theft, pure and simple. They pull it off primarily by fooling their unsuspecting victims, rather than by exploiting flaws in software. Phishing incidents continue to proliferate despite the concerted efforts to control them. The time has come to attack the problem at its root: the inadequacy of passwords. For Web sites where the potential losses are large, such as online banking sites, the password, no matter how cleverly constructed, has become too dangerous to use by itself.

The issue is authentication - proving that you are who you claim to be online. Even the strongest password can be stolen by phishing. So for real security, passwords should be supplemented with either a biometric, such as a fingerprint, or a code. In most cases, the latter is an electronic password that changes with each log-in and that's generated by a device you carry. Biometrics work well on corporate networks, where the initial registration can be done in person, but they're problematic for online-only transactions. Code devices may have broader appeal.

Solutions like Entrust have come with a number labeling each of five rows, a letter for each of 10 columns, and a digit in every cell. This allows for many trillions of arrays to be generated randomly with a near zero probability of any two being alike. when you log in to an IdentityGuard-protected system, you are asked to enter your user name, password, and the digit that appears in three or four cells. You look up the information on your array, which could be printed on an ATM or credit card, and enter it to log in. This site tracks online phishing scams and identity theft issues –including phishing scandals in sites like eBay and here is an article phishing story in a banking environment.This is going to make doing business online slightly less convenient, but it's a necessary evil. The extra step is far less trouble than cleaning up after an identity theft

ThinkExist.com Quotes
Sadagopan's Weblog on Emerging Technologies, Trends,Thoughts, Ideas & Cyberworld
"All views expressed are my personal views are not related in any way to my employer"