Do you have any questions or need help?
Do not hesitate and call us:
Almost every day, in the home office or at the office, we start our PC. The first thing we do is authenticating ourselves, i.e. logging on to the system. To that end, we usually enter a User ID and a password. If these match those stored in the system, access to the system is granted.
The operating system manages this data in a more or less transparent manner. As users, we can use the tools provided by the operating system to manage user accounts. Users can also manage their passwords via operating system tools. And thus, no one within an organisation can decrypt the password.
The User ID and Password are entered in plain text when the user logs in. Thus, the operating system – and thus indirectly also the operating system manufacturer – receives this data.
Of course, we assume that the manufacturer handles the login data correctly. And yet, from a technical point of view, it would be possible to transfer this data to another server outside of your own network if the computer were connected to the Internet, for example.
The same applies, of course, not only to desktop operating systems, but also to all types of web services.
Various options are available to strengthen our control over authentication.
Optionen zur Verfügung, um mehr Kontrolle über die Authentifizierung zu erlangen.
2-factor authentication is often used for access control purposes. This requires a further "factor", such as a PIN, for authentication. In the case referred to, however, this procedure would not make any difference, since the second factor would indeed be stored in the system.
The only solution that could prevent misuse of the credentials would be authentication without a password. If no password is used, it cannot be misused. There are now various options for authentication without a password.
However, this usually requires a hardware token, e.g. with a USB interface, as well as a one-time registration. Users can determine their PIN using appropriate tools of the token manufacturer.
The digital ID card has been available for a number of years, but up until now has mainly been used for identification. It is estimated that by 2021 there will be over 40 million ID cards with an activated online ID function.
The authority of a state and the associated independence and security have been decisive in implementing authentication via the electronic identity card into our solution.
In doing so, we want to make our contribution to more digital sovereignty.
Technisch notwendige Cookies, die für die Funktionalität des Systems Voraussetzung sind und nicht abgelehnt werden können.
Schützt vor Cross-Site-Request-Forgery Angriffen.
Speichert die aktuelle PHP-Session.