Authentication is the act of confirming the identity of an entity, which may be a person or a computer programme.
In general, authentication techniques consist of the following classes:
1. Something the user knows: Using password or Personal Identification Number (PIN) to login is the most common knowledge-based (something you know) authentication method, for example, using password to login Hong Kong public library system for book reservation.
2. Something the user has, for example, smart card or ATM card.
3. Something the user is: A method by which a person's authentication information is generated by digitised measurements encoded value of a physiological characteristic. For example, use of fingerprint in e-Channel of Hong Kong Immigration.
Two-factor authentication is a security measure that uses a combination of two different factors for validating the identity and authority of a user. Typically, the first factor is "something user knows" (e.g. user ID and password) and the second factor is "something user has" (e.g. user's ATM card), or vice versa.
Three-factor / Multi-factor authentication is the use of three independent factors for authentication, for example, requiring a smart card, a password, and a biometric identifier. This provides superior security.
How to secure or protect your authentication?
For PIN or Password
1. Memorise your PIN and destroy your PIN at once;
2. Under no circumstances reveal the PIN to anyone;
3. Change the password immediately after first time log in, or using default password;
4. Using your Hong Kong Identity Card number, passport number, date of birth, telephone number or other easily accessible personal information as your PIN is not recommended;
5. Beware of peeping around you when you logon. The peepers may see you enter your username and password, and your logon credentials will be stolen;
6. Change the password at least once every 90 days;
7. If you suspect your password has been compromised, notify the system administrator immediately and change your password.
For Smart Card and Authentication Token
1. Keep your smart card / authentication token in a secure place, especially when it is not in use;
2. Keep your smart card / authentication token and your PIN separately;
3. Never write down your PIN on the smart card / authentication token or on anything usually kept with the smart card/authentication token;
4. Check your smart card / authentication token periodically to ensure it is always in your possession;
5. If your smart card / authentication token is lost or stolen, you should make a report to the concerned party immediately.
● English Version Only