When: May 06 2010 6:00 am
Presenting: Steven Furnell, Head of School of Computing, Plymouth University
As more varied and sensitive online services emerge, the requirement to verify user identity is an increasingly common experience for an ever-widening range of participants. This presentation considers the fundamental challenge of authenticating the user and ensuring that the right person is claiming the right identity. The available options can vary considerably, depending upon the device in use (and the resulting facilities available), the requirements of the service provider, and what the user will tolerate. In many cases, users lack the facilities to support anything beyond password or PIN approaches, whereas in other circumstances it is in the interests of the service provider to make specific provision for stronger approaches. Meanwhile, some sites persist with rather basic and poorly considered approaches, which do not promote or reinforce good practice to users, or set good examples to other service providers. The upshot is that the same user can encounter fundamentally different requirements, with their identity being validated to different degrees in scenarios that often link back to the same types of access and sensitive information.