IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [identity]

Identity is the property of an object which allows it to be uniquely specified.

Identity allows you to specify a specific object or individual out of a group of objects or individuals.

For example: If Ann asks Bob to move a rock, she may specify the specific rock from rocks in the general area by:

  • pointing her finger at the rock
  • describing the rock's size, shape and color
  • giving map coordinates of the intended rock.

For people an ambiguous specification is a person's name which may not be unique. There may be more than one Ann or even more than one Ann Baker. For computer systems individuals are usually give a unique username, so that the use of a username is unambiguous.

232 questions
10
votes
1 answer

Is it possible to "reverse engineer" identicons?

As shown in this question, default user avatars (like mine) are identicons and are generated with the user's email (where provided) or the user's IP address (where the email is not provided). Given any identicon and information of whether it was…
user203478
9
votes
2 answers

Is there a reason why IMEI is stored in EEPROM?

I've heard that IMEI numbers are stored on an EEPROM, essentially letting them be erased and rewritten. Thieves misuse it to make stolen phones untraceable. Is there a reason why manufacturers don't use one-time programmable non-volatile memory for…
Pradyumna
  • 205
  • 2
  • 4
9
votes
5 answers

Can we have https without certificates?

I apologize in advance if I am fundamentally misunderstanding something, but is it possible to have encrypted communication protocols (https, I suppose) without resorting to a certificate system? This questions comes regarding the EFF/Mozilla…
sharedphysics
  • 103
  • 1
  • 1
  • 4
8
votes
4 answers

Is 'Bring your own Identity' as the only authentication option a valid practice?

This question is mainly aimed at OpenID Connect, when it is fully realized. I understand the aversion to signing in with a social networking site, but from what I understand about OIDC, its supposed to finally allow developers to simply implement…
Andrew Hoffman
  • 1,987
  • 14
  • 17
8
votes
5 answers

How to verify new accounts against a known persons database?

I need to (try to) solve the problem of new account creation for a patient portal for a medical records system (electronic health record). That is, a way to activate a patient online and match her against her medical chart. Let's assume that most…
Don Zacharias
  • 193
  • 4
8
votes
1 answer

Passport copy is being used to defraud others - what can I do?

I was an idiot and sent my passport and address to a scam artist I was hoping to rent an apartment from abroad. Luckily, I realized the trickery before sending anything else or any money. Unfortunately, the person is now using my passport and photos…
sad renter
  • 81
  • 1
  • 2
8
votes
6 answers

Secure Internet Polling

In the United States, there has been a lot of talk about creating a secure polling system that would operate over the internet. I have also heard that Securing a poll over the Internet is impossible. The system would need to be secure enough that…
deuseldorf
  • 193
  • 5
8
votes
1 answer

How can I limit the consequences of a possible future identity theft?

I am curious about how I can limit the consequences of an identity theft. I see a lot of discussion and advice about managing passwords securely or blocking malware. But what if it happens? What if one or more of my digital identities get…
Henk Koning
  • 81
  • 1
8
votes
5 answers

How to protect myself online from the government?

I need something trusted and secure. I need to make “onion layers security” with the most secure and hard to hack/crack software. How to protect yourself from the government on the internet? I’m from Russia and I need to post a few documents and…
user77680
  • 95
  • 5
8
votes
6 answers

Should I use a cryptograpically secure random number generator when I generate IDs?

It is common to generate random identifiers to expose through an API instead of using a simple auto incrementing primary key. The reasons are many: Prevents easy enumeration. Does not give away order objects were created. Does not give away total…
Anders
  • 64,406
  • 24
  • 178
  • 215
7
votes
1 answer

User IDs containing URIs

When adding a User ID to your OpenPGP key, you are typically asked (for example by GnuPG) to provide a name, a comment, and an email address (where each part is optional). This format (Name (Comment) ) is described by RFC 4880,…
unor
  • 1,769
  • 1
  • 19
  • 38
7
votes
2 answers

What is the exact difference between SAMLp and WS-Trust?

They seem to be similar on the surface, but I'm not sure how deep the differences are. Can someone explain to me the difference between SAMLp and WS-Trust? ADFSv2 gives me a choice between these options and I'm not sure which to choose.
makerofthings7
  • 50,090
  • 54
  • 250
  • 536
7
votes
2 answers

Best practices for verifying a users identity for helpdesk

I had a conversation today and someone challenged me as to why you would need to verify the identity of a user calling a service desk with anything other than their company email. Granted, I know these can be spoofed, but the upper-level executive…
user2041774
  • 71
  • 1
  • 2
7
votes
3 answers

What is the difference between the many identifiers in GnuPG?

GnuPG seems to have number of different ways to refer to a (sub)key(pair): Key IDs Fingerprints Keygrips Additionally, gpg --list-sigs seems to show hexadecimal identifiers for signatures and such as well. Sometimes such IDs are abbreviated. All…
jotik
  • 221
  • 1
  • 7
7
votes
4 answers

Bank account number and account holder in check exposed?

I'm not sure if this is standard practice in all banking institutions but almost all banks where I've received checks the account number of the issuer is exposed (some even the account name). Isn't this information considered confidential? If not…
IMB
  • 2,888
  • 6
  • 28
  • 42
1 2
3
15 16