LogIn
Callback
Almost every day, in the home office or at the office, we start our PC. The first thing we do is authenticating ourselves, i.e. logging on to the system. To that end, we usually enter a User ID and a password. If these match those stored in the system, access to the system is granted.
The operating system manages this data in a more or less transparent manner. As users, we can use the tools provided by the operating system to manage user accounts. Users can also manage their passwords via operating system tools. And thus, no one within an organisation can decrypt the password.
The User ID and Password are entered in plain text when the user logs in. Thus, the operating system – and thus indirectly also the operating system manufacturer – receives this data.
Of course, we assume that the manufacturer handles the login data correctly. And yet, from a technical point of view, it would be possible to transfer this data to another server outside of your own network if the computer were connected to the Internet, for example.
The same applies, of course, not only to desktop operating systems, but also to all types of web services.
Various options are available to strengthen our control over authentication.
Optionen zur Verfügung, um mehr Kontrolle über die Authentifizierung zu erlangen.
2-factor authentication is often used for access control purposes. This requires a further "factor", such as a PIN, for authentication. In the case referred to, however, this procedure would not make any difference, since the second factor would indeed be stored in the system.
The only solution that could prevent misuse of the credentials would be authentication without a password. If no password is used, it cannot be misused. There are now various options for authentication without a password.
However, this usually requires a hardware token, e.g. with a USB interface, as well as a one-time registration. Users can determine their PIN using appropriate tools of the token manufacturer.
The digital ID card has been available for a number of years, but up until now has mainly been used for identification. It is estimated that by 2021 there will be over 40 million ID cards with an activated online ID function.
The authority of a state and the associated independence and security have been decisive in implementing authentication via the electronic identity card into our solution.
In doing so, we want to make our contribution to more digital sovereignty.
Pintexx GmbH
Schindersgrube 1
74388 Talheim
Germany
Phone: +49 7133 /95 79 59 - 0
Mail: info@pintexx.com
Cookies
We use cookies to personalize content and ads, to provide social media features and to analyze traffic to our website. We also share information about your use of our website with our social media, advertising and analytics partners. Our partners may combine this information with other data that you have provided to them or that they have collected as part of your use of the Services.
Collection of statistics on the use of the website (range measurement) and user statistics.
Tools that collect anonymous data about website usage and functionality. We use the insights to improve our offers, services and user experience.
Tools that collect anonymous data about website usage and functionality. We use the insights to improve our offers, services and user experience.
Google Analytics collects statistics about the use of the website. (distance measurement) Browser information (browser type, referring/exit pages, files viewed on our website, operating system, timestamp and/or clickstream data) Usage data (views, clicks) IP address (we have IP anonymization (hence - IP masking ) activated (your IP address, so that your IP address is shortened by Google in the EU and EEA before transmission, so that no other conclusions can be drawn about the person. Only this anonymous IP address is transmitted to Google.)
More details can be found here: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
technically necessary cookies, which are a prerequisite for the functionality of the system and cannot be rejected.
Protects against cross-site request forgery attacks.
Saves the current PHP session.
more Infos
Privacy Policy