A recent survey done by Privacy Rights Clearinghouse shows that in the past five years 27.3 million Americans were victims of identity theft. The total cost of fraudulent activity in the year 2006 was $55.7 billion. A recent study by Symantec shows that a stolen credit card can be bought for as little as $1 on the underground markets. A complete identity, including date of birth, US bank account, credit card, and a government-issued identification number, can be purchased for $14 to $16 (Krebs 2007). Even when websites don't collect personal information, they can still hold useful data that helps a hacker reach their goal. Web 2.0 sites, a term that is used to describe social networking over the Internet, are being developed constantly and typically require usernames and passwords to keep track of users (Lassila & Hendler, 2007). These sites are often the target of attacks, making security a top priority for them (Henry, 2007). When creating a website that requires authentication, the designer must keep in mind that passwords should be stored in an encrypted format. A password policy must also be set before launching the site; this could include the password requirements as well as how the website and webmaster should control user passwords. The last decision to be made is how access will be granted to the users; this includes how they will provide credentials, how their credentials will be authenticated, and how to track the user's authentication from one page to another.