[igCS] Authentication

Verify the identity of user or;

Verify the data is from a trusted source (e.g. website)

Username and password, PIN

Biometrics

Digital Signature / Certificate

Websites can attach a digital certificate, to prove that it is the authentic website

Digital Certificate for email can prove that the sender's identity, and also the message is not altered

Digital Certificate is usually issued by a third-party organisation or government

Browsers will check the authenticity of the certificate

Certificate should be issued by trustworthy CA (certificate authority)

If certificate does not match, e.g. facelook.com giving out a facebook.com certificate, browser will give warning

Username: To identify the user

Password: To Prove that you are that user

Chip (usually refers to debit card with computer chip)

PIN (Personal identification Code, usually refers to number only)

Chip and PIN usually used in Payment system (not common in Macau)

More secure than magnetic strip cards as data can be encrypted on the chip

Watch following video and write down what the password hackers will try

https://www.youtube.com/watch?v=97CdJFyAv1s&has_verified=1

Password that is "difficult" to guess by the hackers

Difficult refers to a reasonable amount of time and computation power

The difficulty will varies as the computer is getting faster and faster

In general increasing password length will make the difficult exponentially increase

Captcha

Firewall

2FA - two factors authentication