Effectiveness of Digital Certificate based authentication

Authentication is the process of validating the identity of someone or something. In most web applications, authentication is done using user names and passwords. However, this method of authentication does not provide adequate security to the application, because passwords are often guessable and user names are often predictable, such as a combination of the user's first and last name.

To strengthen the authentication process, additional authentication factors have evolved. They fall into three categories:

1. Something you know - PINs, passwords, etc.

2. Something you have - tokens, soft cards, digital certificates, etc.

3. Something you are - fingerprint, facial/voice pattern, etc.


Alice and Bob are happy with Certificate Pinning

How safe do you feel while transferring money through online banking, or using online/mobile applications to pay utility bills or do any other internet activity? Most of the time I receive the answer: YES. If I ask why, the common answer is:

My information is being sent over an encrypted channel, i.e. SSL/TLS, so no one will be able to see it or decrypt it. The SSL certificate is issued by a trusted CA.

This deserves attention, because we are providing sensitive information to process these transactions: card details, CVVs, personal information, passwords, etc.

The above answer does not always hold true. A number of incidents have occurred that resulted in the compromise of users' sensitive information. Before going into the details, let us first see what a CA is.


