Accessibility Links

Accessibility Links

Infosec
English 繁體版 简体版

Navigation Menu 1

General UsersYoungsters & StudentsParents and TeachersIT ProfessionalsSME
FAQ Search :
Change text size: Text Size: Default Size (A) Text Size: Larger (A) Text Size: Largest (A)
general user youngsters and students parents and teachers IT professionals sme

Navigation Menu 2

 

  

 
 

Securing Access Using e-Authentication

What is e-Authentication?

Electronic authentication (e-Authentication) is the process of establishing confidence in user identities presented electronically to an information system. This may involve verifying with what the user knows (e.g. password), what the user has (e.g. an ID card), and/or what the user is or does (e.g. fingerprint or written signature recognition). The greater the number of factors being verified, the higher the confidence can be established.


The objectives of this page are:

  • to promote the public awareness of the importance of e-Authentication in the cyber world;
  • to provide guidance for general users on protecting their personal interests in the conduct of e-Authentication;
  • to help businesses determine the appropriate assurance level associated with various electronic transactions and thereby their security requirements; and
  • to introduce common practices for IT professionals to develop secure e-Authentication solutions.

   Why concerns me?

The proliferation of electronic services, e.g. e-shopping, e-banking, e-learning, has underpinned changes in many aspects of our daily lives. People's awareness of the threats and associated risks can help minimise the chance of becoming a victim in identity theft incidents, or personal information, financial assets or sensitive information being stolen or misused by others.

Through the promotion of both the public and private organisations, it is seen that user awareness on information security has increased in recent years. However, the attacks pointing towards users are not diminishing in any way. Statistics extracted below helps illustrate the situation.

Fraud Alerts

HKMA's alerts to public on suspicious fraudulent website, letters, email, telephone system from 2007 to 2015 are summarised below.


Year Fraud Alerts
2015 38
2014 42
2013 25
2012
25
2011 21
2010 17
2009 13
2008 12
2007 33

The fraud cases are not limited to website only. There were also reports on fraudulent letters purporting to be issued by authorised institutions; fraudulent telephone banking system purporting to be related to a legitimate bank; and fraudulent e-mail purporting to be sent from a legitimate bank requesting victims to link to fraudulent website.

There is a common misperception that only naive users will become victims of those attacks. However, attacks are just continually becoming more sophisticated and common in place that any less cautious or unsuspecting users may fall victim.

   How to protect your information and asset by e-Authentication?

 
 
     
Back back to topTop
 

Footer Menu

Sitemap | Contact Us | Privacy Policy | Important Notices
 
General Users Youngsters & Students Parents & Teachers IT Professionals SME