Tuesday, December 15, 2009

Identity proofing

When studying for the SY0-201 Security+ exam, you'll see this objective: "Explain the difference between identification and authentication."  This directly relates to identity proofing. 

Identity proofing is done during the identification process, prior to issuing credentials. An account on a network isn't given to just anyone who asks for one; a user must first provide some type of identification. Within a company, the individual provides identification when they are hired. The HR department may then introduce the new hire and ask for an account to be created.

A second use of identity proofing occurs after credentials have been issued. For example, online banks often ask for more information about a user (such as the street they grew up on, first pet's name, middle name of oldest sibling, and so on). Later, if the user is doing online banking from a different computer than they normally use, the Web site may recognize this and challenge the user to provide more than just their user name and password.
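The post-issuance check described above can be sketched in code. This is an added example, not part of the original post: the `Account` class, the `login` function and the opaque device token (for instance a cookie value) are hypothetical names and assumptions, and the sample data is constructed.

```python
import hashlib, hmac, os

def _digest(secret, salt):
    # Salted, slow hash so passwords and answers are never stored in clear text
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

def _norm(answer):
    # Answers are typed from memory: ignore case and extra whitespace
    return " ".join(answer.lower().split())

class Account:
    def __init__(self, password):
        self.salt = os.urandom(16)
        self.pw = _digest(password, self.salt)
        self.answers = {}      # question -> digest of the normalized answer
        self.devices = set()   # device tokens seen on earlier successful logins

    def enroll(self, question, answer):
        # Extra information collected after credentials were issued
        self.answers[question] = _digest(_norm(answer), self.salt)

def login(acct, password, device, answers=None):
    """Return 'denied', 'challenge' or 'granted'."""
    if not hmac.compare_digest(_digest(password, acct.salt), acct.pw):
        return "denied"
    if device in acct.devices:
        return "granted"       # usual computer: user name and password suffice
    if answers is None:
        return "challenge"     # unfamiliar computer: ask for more
    if not acct.answers or set(answers) != set(acct.answers):
        return "denied"        # every enrolled question must be answered
    for question, given in answers.items():
        expected = acct.answers[question]
        if not hmac.compare_digest(_digest(_norm(given), acct.salt), expected):
            return "denied"
    acct.devices.add(device)   # remember this computer for next time
    return "granted"

# Constructed sample data
acct = Account("correct horse")
acct.enroll("First pet's name?", "Rex")
acct.devices.add("home-pc-token")
```
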

Good luck with your studies.

Darril Gibson
Author CompTIA Security+: Get Certified Get Ahead