Which of these security strategies: Biometric, certificates, non text passwords and signatures would best keep confidential and sensitive information safe? With increasing security breaches, threats and sophistication on the part of the attackers, which among these four (Biometric, certificates, non text passwords and signatures) should be used for organization protection?
The best strategy is not to only use one kind of security measure, but at least two. For example, I recently forgot my own password for one of my bank accounts, so I had to use password retrieval. To make sure I wasn't some hacker trying to get into my account and change my password, it not only asked for my username, but it also asked me one of my security questions which I had chosen upon signup, and only I would know the answer to. Funny thing is I had also forgotten which username I had chosen for that particular account, so it was asking me a question I had never chosen. Wound up having to use username retrieval, too, which it just sent me in an e-mail after I entered my account number and e-mail address.
But for your purposes, yes, you should use more than one strategy. For instance, you could ask them to not only enter their password, but follow it with a biometric detail, such as their fingerprint. Please note that occasionally fingerprint scanners won't work properly, and your client may have a headache trying to scan their finger.
A better option would probably be to either use certificates in addition to their non-text password, or signatures in addition to their non-text password, or maybe use three different types to be extra secure.
Hello,
Â
It is best to utilize every measure available when attempting to secure a system. If this presents a problem (e.g., hurts productivity), then two of the best methods for your particular needs should be chosen. All security strategies have flaws and are vulnerable. Security is only as good as those who have access to the system. Putting as many layers and checks between unauthorized individuals and sensitive information is the best policy regardless of how it is executed. Those layers could be technology or they could be people.
