Diapositive 6 sur 21
In the world of It, we spend a lot of money for protecting assets, and so we need to adjust the Authentication model as well.
More than 90% of all IT-Applications still use static username/password pairs for Authentication. So password theft and Password fraud are main problems we see here.
Legacy Applications can be leveraged by the use of One-Time Authentication Systems where, once the password has been used, it is invalid. As today, there are two ways in using these kind of mechanisms:
One-time Password Systems running in a Token (or a piece of Software on the PC) or,
very common for financial transactions:
Paper lists with transaction authorization numbers
By using this one-time Systems, we can avoid the usage of stolen identities in combination with passwords or Authorization Codes - assuming, that these systems are protected by the users (especially the paper lists).
With the upcoming usage of Public-key Cryptography, Consumers will get a digital certificate that can be stored in different ways:
on a Diskette or hard disk for the PC
or on a SmartCard
Storing Digital Certificates on a PC’s harddisk is less secure than storing them on a Credit Card type of Device, so in Europe we will see more and more Smartcard based Systems coming along.