Federated Identity Management (39.2.6)
Federated identity management (FIM) refers to multiple enterprises that let their users use the same identification credentials to gain access to the networks of all enterprises in the group. While FIM provides convenience to users and administrators, it also concentrates risk: if the federated system is compromised, an attacker gains access to many systems instead of just one.
Generally speaking, a federated identity links a subject’s electronic identity across separate identity management systems. This could enable access to several websites using the same social login credentials, for example.
The goal of federated identity management is to share identity information automatically across enterprise boundaries. From the individual user’s perspective, this means a single sign-on to multiple networks.
It is imperative that organizations scrutinize the identifying information that is shared with partners, even within the same corporate group. The sharing of social security numbers, names, and addresses may allow identity thieves the opportunity to steal this information from a partner with weak security to perpetrate fraud. The most common way to protect federated identity is to tie user identity to authorized devices such as workstations and phones.
Authentication Methods (39.2.7)
As we mentioned earlier, users prove their identity with a username or ID. In addition, users need to verify their identity by providing one of the following.
What You Know
Passwords, passphrases, or PINs are all examples of something that the user knows. Passwords are the most popular method used for authentication.
The terms passphrase, passcode, passkey, and PIN are all generically referred to as passwords. A password is a string of characters used to prove a user’s identity. If this string of characters relates back to the user (for instance, their name, birthdate, or address), it will be easier for cybercriminals to guess the password.
Several publications recommend that a password be at least eight characters in length. Users should not create a password that is so long that it is difficult to memorize, or conversely, so short that it becomes vulnerable to password cracking. Password complexity should include a combination of upper- and lowercase letters, numbers, and special characters.
Users need to use a different password for each system; otherwise, if a criminal cracks the user’s password once, the criminal will have access to all of the user’s accounts. A password manager can help you create and use strong passwords, and it makes it unnecessary for you to remember so many complex passwords.
What You Have
Smart cards and security key fobs are both examples of things that users have in their possession that can be used for authentication purposes.
A smart card is a small plastic card, about the size of a credit card, with a small chip embedded in it. The chip is an intelligent data carrier, capable of processing, storing, and safeguarding data. Smart cards contain private information, such as bank account numbers, personal identification, medical records, and digital signatures, using encryption to keep data safe while providing a means to authenticate.
A security key fob is a device that is small enough to attach to a keyring. In most cases, security key fobs are used for two-factor authentication (2FA), which is much more secure than a username and password combination.
For example, let’s say you want to access your e-banking, which uses two-factor authentication. First, you enter your username (identification). Then you enter the password, which is your first authentication factor. After that, you need a second means of authentication, because the system uses 2FA. You enter a PIN to your security fob, and it displays a number. This proves that you have physical access to this device, which was issued to you. This number is the second factor. You then enter it to log in to the e-banking account.
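The e-banking login described above, written out as an added example that is not part of the original text: the fob side (a PIN unlocks it, each press shows a one-time number) and the bank side (username, then password, then fob number, each code accepted only once). It assumes the fob computes an HMAC-based one-time code as in RFC 4226; the user record, fob secret, and PIN are constructed demo values.

```python
import hashlib
import hmac
import struct

# Constructed demo data: a seed provisioned to the fob at issuance (the RFC 4226 test seed).
FOB_SECRET = b"12345678901234567890"
PASSWORD_SALT = b"demo-salt"  # constructed; a real system stores a random salt per user

def hash_password(password: str, salt: bytes = PASSWORD_SALT) -> bytes:
    """Bank side stores a slow salted hash, never the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

USERS = {  # constructed enrolment record for one customer
    "alice": {"pw_hash": hash_password("correct horse battery staple"),
              "fob_secret": FOB_SECRET, "fob_counter": 0},
}

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Event-based one-time code (RFC 4226): HMAC-SHA1 over the counter, truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

class KeyFob:
    """Fob side: the PIN proves the holder may use it; each press yields the next code."""
    def __init__(self, secret: bytes, pin: str):
        self._secret, self._pin, self._counter = secret, pin, 0

    def press(self, pin: str):
        if not hmac.compare_digest(pin, self._pin):
            return None  # wrong PIN: no code is shown
        code = hotp(self._secret, self._counter)
        self._counter += 1
        return code

def login(username: str, password: str, otp: str, lookahead: int = 5) -> bool:
    """Bank side: identification, then factor 1 (password), then factor 2 (fob code)."""
    user = USERS.get(username)
    if user is None or not hmac.compare_digest(user["pw_hash"], hash_password(password)):
        return False
    # Tolerate a few codes that were generated on the fob but never submitted.
    for c in range(user["fob_counter"], user["fob_counter"] + lookahead):
        if hmac.compare_digest(hotp(user["fob_secret"], c), otp):
            user["fob_counter"] = c + 1  # every code is single-use; replays fail
            return True
    return False
```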