Abstract :
Nearly all websites that maintain user-specific accounts employ passwords to verify that a user attempting to access an account is, in fact, the account holder. However, websites must still be able to identify users who can´t provide their correct password, as passwords might be lost, forgotten, or stolen. In this case, users will require a form of secondary authentication to prove that they are who they say they are and regain account access. Websites can use a variety of secondary authentication. The article discusses secondary authentication mechanisms, emphasizing the importance of assembling an arsenal of mechanisms that meet users´ security and reliability needs.
Keywords :
Web sites; authorisation; message authentication; Websites; account access; password; secondary authentication; user security; user specific accounts; Access control; Authentication; Data privacy; Knowledge based systems; Reliability; Web services; authentication; password reset; passwords; security question; trustees;
