Authentication (Cambridge (CIE) IGCSE ICT)

Zero login & biometrics

• Allows a user to login without using a username & password

• Uses biometric data (fingerprint, face, gestures) to create a profile of a user so that they can log in without having to authenticate each time

• Convenient for devices when users need to log in frequently throughout the day e.g. smartphones

• If compromised, biometric data cannot be changed

• Biometric recognition can be less than perfect and lead to failed login attempts and user frustration

Magnetic stripe

• Magnetic stripe contains unique data used to authenticate a user e.g. ID, name & date of birth

• When swiped through a magnetic card reader, details are used to identify a user

• Easy and cheap to setup

• Cards can be used to access multiple systems

• Cards can be remotely deactivated

• Magnetic stripes can wear

• Card readers must be maintained

• Less secure than biometrics (easy copied)

Smart cards

• Enhances a magnetic stripe cards with the addition of a microchip to create a contactless card

• Microchip stores additional information such as a pin to add extra layer of security

• Data in encrypted

• More secure than magnetic stripe cards

• Multi-purpose

• Transactions can be much faster

• More expensive to manufacture

• Lack of compatibility can cause inconvenience

Physical tokens

• A physical device used to authenticate a user remotely

• The device generates a random one time password (OTP) that a user must type in

• Banks may ask customers to insert their bank card into the device and use the OTP to access internet banking

• OTPs change after a few minutes

• Very secure

• Inconvenient to the user as they need a physical device, card and login credentials to access one site

Electronic tokens

• Software token generated by an app

• App generates OTPs

• Users authenticate in app e.g. fingerprint and OTP is generated

• Very secure

• More convenient