Eight Steps to Enterprise Data Protection
Eight steps to developing an enterprise data security plan.
Enforcing a strong-password policy is one way to protect your data, because passwords help confirm whether a person is allowed access to network resources. But the security provided by password-based authentication only goes so far. Additional mechanisms, such as challenge-response tests like CAPTCHA, offer a bit more security by preventing intrusions conducted by automated software, but those can be cracked as well.
Authenticating a user's identity based on secrets adds yet another layer of security to these methods.
You've probably encountered secrets-based electronic authentication when banking online, for example. Just recently, my bank revamped how it verifies my identity when I log in. In addition to the standard account ID and password entry fields, I must now select a representative image (similar to how CAPTCHA works) and answer three "security questions" that determine if I am who I claim to be. If a hacker were to have possession of both my account ID and my password, the inability to provide answers to these questions would prevent this malicious person from accessing my account information.
Businesses and other organizations can prevent unauthorized network access by following the E-authentication recommendations provided by NIST.