There are three ways a computer access control can verify that you have a legitimate right of access. Some security systems use a mix of these techniques. The systems try to authenticate your identity by determining what you have, what you know, or who you are.
# What you have: cards, keys, signatures, badges. Credit cards, debit cards, and cash machine cards all have magnetic strips or built-in computer chips that identify you to the machine. Many require you to display your signature. Computer rooms are always kept locked, requiring a key. Many people also keep a lock on their personal computers. A computer room may also be guarded by security officers who must see an authorized signature or a badge with your photograph before letting you in.
Of course, credit cards, keys, and badges can be lost or stolen. Signatures can be forged. Badges can be counterfeited.
# What you know: PINs, passwords, and digital signatures. To gain access to your bank account through an automatic teller machine (ATM), you key in your PIN. A PIN, or personal identification number, is the security number known only to you that is required to access the system. Telephone credit cards also use a PIN. If you carry either an ATM or a phone card, never carry the PIN written down elsewhere in your wallet (even disguised).
# A password is a special word, code, or symbol that is required to access a computer system. Passwords are one of the weakest security links, says AT&T security expert Steven Bellovin. Passwords can be guessed, forgotten, or stolen. To reduce the chance of a stranger guessing yours, Bellovin recommends never choosing a real word or variations of your name or birthdate or those of your friends or family. Instead you should mix letters, numbers, and punctuation marks in an oddball sequence of no fewer than eight characters. Skilled hackers may break into national computer networks and detect passwords as they are being used. Or they pose on the telephone as computer technicians to cajole passwords out of employees. They may even find access codes in discarded technical manuals in trash bins.
A new technology is the digital signature, which security experts hope will lead to a world of paperless commerce. A digital signature is a string of characters and numbers that a user signs to an electronic document being sent by his or her computer. The receiving computer performs mathematical operations on the alphanumeric string to verify its validity. The system works by using a public-private key system. That is, the system involves a pair of numbers called a private key and a public key. One person creates the signature with a secret private key, and the recipient reads it with a second, public key. “This process in effect notarizes the document and ensures its integrity,” says one writer.
For example, when you write your boss an electronic note, you sign it with your secret private key. (This could be some bizarre string beginning 479xy283 and continuing for 25 characters.) When your boss receives the note, he or she looks up your public key. Your public key is available from a source such as an electronic bulletin board, the postal service, or a corporate computer department. If the document is altered in any way, it will no longer produce the same signature sequence.
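The sign-and-verify exchange described above can be sketched in a few lines. This is an added example, not part of the original text: it uses textbook RSA over a SHA-256 hash with a constructed demo key, and the function names and the sample note are assumptions made for illustration. Real systems use a vetted cryptographic library with proper padding and much larger keys.

```python
import hashlib

# Constructed demo key: two Mersenne primes. Far too small and too
# structured for real use; chosen only so the example runs offline.
P = 2**127 - 1
Q = 2**107 - 1
E = 65537  # public exponent


def make_keypair():
    """Return (public_key, private_key), each an (exponent, modulus) pair."""
    n = P * Q
    phi = (P - 1) * (Q - 1)
    d = pow(E, -1, phi)  # private exponent: inverse of E modulo phi
    return (E, n), (d, n)


def digest(document: bytes, n: int) -> int:
    """Hash the document and map the hash into the range of the modulus."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % n


def sign(document: bytes, private_key) -> int:
    """Sender side: the signature depends on both the document and the secret key."""
    d, n = private_key
    return pow(digest(document, n), d, n)


def verify(document: bytes, signature: int, public_key) -> bool:
    """Recipient side: recompute the hash and compare it with the opened signature."""
    e, n = public_key
    return pow(signature, e, n) == digest(document, n)


def demo():
    """Sign a constructed note, then check the original and an altered copy."""
    public_key, private_key = make_keypair()
    note = b"Boss: the quarterly report is attached."
    signature = sign(note, private_key)
    altered = note.replace(b"attached", b"cancelled")
    return verify(note, signature, public_key), verify(altered, signature, public_key)


if __name__ == "__main__":
    print(demo())
```

The recipient needs only the public key to check the note, and a change of a single word makes verification fail.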
# Who you are: physical traits. Some forms of identification can’t be easily faked, such as your physical traits. Biometrics tries to use these in security devices. Biometrics is the science of measuring individual body characteristics.
For example, before a number of University of Georgia students can use the all-you-can-eat plan at the campus cafeteria, they must have their hands read. As one writer describes the system, a camera automatically compares the shape of a student’s hand with an image of the same hand pulled from the magnetic strip of an ID card. If the patterns match, the cafeteria turnstile automatically clicks open. If not, the would-be moocher eats elsewhere.