Graynet-Security-Password





First, let's understand "ID" and "Password".


"ID" is an identifier assigned by the provider of an information device or service to distinguish individual users.
You use "ID" in conjunction with "Password" in most services.

It is the same when you log in to Twitter or LINE.
Is there a service that we can use only with "ID"?

A password, on the other hand, is information that only the person to whom the ID is assigned knows, and is used for identity verification.
It's also a way to prove that "I registered properly by myself."

These two types of information prevent unauthorized use of services by third parties.

Unfortunately, they don't completely prevent abuse...

If someone steals them when you aren't looking, you'll be impersonated!

This can change the impression people have of you without your intending it,
so be careful when managing "Password" and "ID"!

We've mentioned that you need to manage your password and "ID" carefully so that you don't suffer from being impersonated. There are 3 effective ways to prevent unauthorized use: don't write it down on paper, don't store it on your PC, and don't tell people.

It used to be said that you should "Change passwords frequently", but doing so gets more and more troublesome, and people end up with "I'll change the password, but it's the same as before" or "something simple", so it's not recommended much.

However, if you can make the password strong every time, it is a very effective measure.


(Made by "Team Graynet")

Next is "Two-step authentication".


First, it authenticates with an ID and a password, and then it authenticates with an authentication code or a one-time password delivered to a smartphone.
※This is how "Two-step authentication" works.

"Two-step authentication" is a system for using a service more safely by verifying the user's identity a second time after the ID and password.
As "certain services" have recently made headlines, "Two-step authentication" is a great way to prevent unauthorized use.

The mechanism for generating a password that is valid only once is called a "Token". There are various kinds of tokens.
"○○ token": What is it?
  • Software Token: You install a special application on your PC or smartphone.
  • Hardware Token: The password is displayed on a card or keychain device.
There is also a service that sends a one-time password by SMS.
There is also a service that lets you register a phone number and receive a one-time password by automated voice call.

The (one-time) passwords obtained in two-step authentication share a common feature: as the name suggests, once used, the password is disabled.
So you don't have to worry about leaking the password to a third party after you use it.

Next, "Two-factor and multi-factor authentication".


In addition to two-step authentication, there is another type called "Two-factor authentication and multi-factor authentication". In addition to "ID" and "Password", biometric information such as "fingerprint" and "retina" is used.

The difference between the two is
whether the "same authentication method" is repeated or not.

For example:
"ID and Password" + "ID and Password" → "two-step authentication"
"ID and Password" + "Other than ID and password (Biological information, etc.)" → "Two-factor authentication and multi-factor authentication"
Therefore, two-factor and multi-factor authentication are more secure than two-step authentication.

Let's be careful not to mix them up.

Next, encrypted communication.



※The "s" in "https://" stands for "secure".

Do you ever feel like you don't want others to know what you're looking at?
"SSL" and "TLS" make your wishes come true!

"SSL" stands for "Secure Sockets Layer".
"TLS" stands for "Transport Layer Security".
It is a mechanism that encrypts the communication between the browser and the server and prevents third parties from viewing or altering the contents sent or received.
The URL of a Web page where they are deployed looks like "https://......".

Also, in Google Chrome, Internet Explorer, and other browsers, when you visit a page that has "SSL" installed, a lock icon appears near the address bar, and you can click on it to check the "Certificate of the SSL server".

Authentication Level 1 (Domain Authentication)
  • Target: "Person and Business"
  • Reliability: Low!
  • Site Usage: Campaign sites, inquiry forms, etc.
  • Cost: Low (990yen~)
  • Others: Speeds up the screening process

Authentication Level 2 (Business Authentication)
  • Target: "business"
  • Reliability: Middle.
  • Site Usage: Membership sites, online shopping sites, etc.
  • Cost: (42350yen~)
  • Others: We can prove the existence of a business

Authentication Level 3 (EV Authentication)
  • Target: "business"
  • Reliability: High!
  • Site Usage: Membership sites, online shopping sites, corporate sites, etc.
  • Cost: high...? (54450yen~)
  • Others: The address bar will change and boost the level of reliability

※Made in さくらのSSL

SSL server certificate? WHAT'S THAT?

I'm glad you asked. Let me explain!

The type and cost of the certificate will vary depending on the assurance level based on the review of the website operator's identity.
The higher the level, the stricter the screening and the longer it takes to issue the certificate.
The maximum authentication level is 3, and once a site is authenticated at that level, the address bar changes color to "Green" to show the site's higher level of reliability.
However, the certificate has an expiration date.
Authentication Level 3 certificates are valid for 1 year, and some of them cost more than 100,000 yen.

I can't afford it.

Summary


  • The two pieces of information, the password and the ID, form a mechanism that prevents unauthorized use of the service by third parties. (Not entirely.)
  • There are 3 effective ways to prevent unauthorized use: "Don't write it down on paper, don't store it on your PC, don't tell people." It used to be said that you should "Change passwords frequently", but this is recommended less and less because many people end up making the password the same as or easier than before.
  • "Token"...A mechanism to generate a password that is valid only once.
  • "Two-step authentication"...It is a system for using a service safely by verifying the user's identity a second time after the ID and password.
    It will help prevent unauthorized use.
  • "Two-factor and multi-factor authentication"...Authenticate using different elements.
  • Two-factor authentication and multi-factor authentication are more secure than two-step authentication.
  • "SSL" and "TLS"...They encrypt communications between the browser and the server to prevent third parties from viewing or altering the content sent and received.

Next, I recommend learning about "Society5.0" in "Future world"!