Authentication and authorization technologies can prevent identity theft,

phishing, and pharming scams. Authentication is a method for confirming

users$$ identities. Once a system determines the authentication of a user, it

can then determine the access privileges $($or authorization$)$ for that user.

Authorization is the process of providing a user with permission, including

access levels and abilities such as file access, hours of access, and amount

of allocated storage space. Authentication and authorization techniques fall

into three categories; the most secure procedures combine all three:

$1.$ Something the user knows, such as a user ID and password. The first

type of authentication, using something the user knows, is the most

common way to identify individual users and typically consists of a

unique user ID and password. However, this is actually one of the most

ineffective ways for determining authentication because passwords are

not secure$.$ All it typically takes to crack one is enough time. More than

$50$ percent of help$-$desk calls are password related, which can cost an

page $167$

organization significant money, and a social engineer can coax a

password from almost anybody.

$2.$ Something the user has, such as a smart card or token. The second

type of authentication, using something the user has, offers a much more

effective way to identify individuals than a user ID and password.

Tokens and smart cards are two of the primary forms of this type of

authentication. Tokens are small electronic devices that change user

passwords automatically. The user enters his or her user ID and tokendisplayed password to gain access to the network. A smart card is a

device about the size of a credit card containing embedded technologies

that can store information and small amounts of software to perform

some limited processing. Smart cards can act as identification

instruments, a form of digital cash, or a data storage device with the

ability to store an entire medical record.

$3.$ Something that is part of the user, such as a fingerprint or voice

signature. The third kind of authentication, something that is part of the

user, is by far the best and most effective way to manage authentication.

Biometrics $($narrowly defined$)$ is the identification of a user based on a

physical characteristic, such as a fingerprint, iris, face, voice, or

handwriting. A voiceprint is a set of measurable characteristics of a

human voice that uniquely identifies an individual. These characteristics,

which are based on the physical configuration of a speaker$$s mouth and

throat, can be expressed as a mathematical formula. Unfortunately,

biometric authentication such as voiceprints can be costly and intrusive.

Provide an example of each of the three primary information security areas

$(6$points$)$

$(1)$ authentication and authorization

Use this to answer your questions