Difference between revisions of "Recovery"

From MgmtWiki
Jump to: navigation, search
(Context)
Line 4: Line 4:
  
 
==Context==
 
==Context==
The collection of [[Use Private Information]] by a [[Data Controller]] now necessitates the ability [[Authentication|Authenticate]] the [[User]] under a wide range of challenges, like:
+
The collection of [[User Private Information]] by a [[Data Controller]] now necessitates the ability [[Authentication|Authenticate]] the [[User]] under a wide range of challenges, like:
 
# Simplest of all the [[User]] needs to [[Authentication|Authenticate]] from time to time and on a variety of devices under less than ideal conditions where passwords are mistyped and [[Multi-factor Authentication|Alternate Authentication factors]] are lost or fail.
 
# Simplest of all the [[User]] needs to [[Authentication|Authenticate]] from time to time and on a variety of devices under less than ideal conditions where passwords are mistyped and [[Multi-factor Authentication|Alternate Authentication factors]] are lost or fail.
 
# More sever [[Recovery]] problems occur when the [[User]] has lost control of their account and needs it to be reset. The level of [[Authentication]] for these situation can be severely taxing to a user desperate for access to their accounts.
 
# More sever [[Recovery]] problems occur when the [[User]] has lost control of their account and needs it to be reset. The level of [[Authentication]] for these situation can be severely taxing to a user desperate for access to their accounts.

Revision as of 10:59, 1 September 2018

Full Title or Meme

The problem of giving and maintaining a continuing identity for a real-world person on a digital network.

Context

The collection of User Private Information by a Data Controller now necessitates the ability Authenticate the User under a wide range of challenges, like:

  1. Simplest of all the User needs to Authenticate from time to time and on a variety of devices under less than ideal conditions where passwords are mistyped and Alternate Authentication factors are lost or fail.
  2. More sever Recovery problems occur when the User has lost control of their account and needs it to be reset. The level of Authentication for these situation can be severely taxing to a user desperate for access to their accounts.
  3. When a Authentication factor like an alternate email or phone number is compromised, insecure Recovery methods themselves become a means of attack, especially since factors like phone number were never intended to be secure.[1]

Problems

Solutions


References

  1. Lily Hay Newman, PHONE NUMBERS WERE NEVER MEANT AS ID. NOW WE’RE ALL AT RISK (2018-08-25) Wired Magazine https://www.wired.com/story/phone-numbers-indentification-authentication