Securing Access Using e-Authentication
What is e-Authentication?
Electronic authentication (e-Authentication) is the process of establishing confidence in user identities presented electronically to an information system. This may involve verifying with “what the user knows” (e.g. password), “what the user has” (e.g. ID card), and/or “what the user is or does” (e.g. fingerprint or written signature recognition). The greater the number of factors being verified, the higher the confidence can be established.
The objectives of this page are:
- to promote public awareness of the importance of e-Authentication in the cyber world;
- to provide guidance for general users on protecting their personal interests in the conduct of e-Authentication;
- to help businesses determine the appropriate assurance level associated with various electronic transactions and their security requirements; and
- to introduce common practices for IT professionals to develop secure e-Authentication solutions.
Why concerns me?
The proliferation of electronic services, e.g. e-shopping, e-banking, e-learning, has underpinned changes in many aspects of our daily lives. Public awareness of the threats and associated risks can help minimise the chance of becoming a victim in identity theft incidents, or personal information, financial assets or sensitive information being stolen or misused by others.
Through the promotion of both the public and private organisations, it is seen that user awareness on information security has increased in recent years. However, the attacks pointing towards users are not diminishing in any way. The situation can be revealed in the frequent alerts from the Hong Kong Monetary Authority (HKMA) to the public on fraud cases (link to HKMA’s website).
The fraud cases are not limited to websites only. There were also reports on fraudulent letters purporting to be issued by authorised institutions, fraudulent telephone banking systems purporting to be related to a legitimate bank, and fraudulent emails purporting to be sent from a legitimate bank requesting victims to link to the fraudulent website.
There is a common misperception that only naive users will become victims of those attacks. However, attacks are just continually becoming more sophisticated and common in place that any less cautious or unsuspecting users may fall victim.
How to protect your information and asset by e-Authentication?