| 4.4 Access 11. Application Passport | |
---|
4.4.11. Application Passport | A number of people have learned basic security measures and correctly sign in and sign off each day. These people are rewarded with a passport application that sits on their desktop and, in conjunction with other factors, enables that person to be signed in with two mouse clicks. | People who create a security vulnerability by not signing off are not rewarded with an active passport. |
Tuition | It is the responsibility of all parties to promote a secure method of working. This includes the requirement for people to learn that it is a security vulnerability if they do not press the sign-off icon on the top menu. | The rapid sign-in passport is a means to reward people who have learned how to use the application service in a secure way. |
Distribution | The application passport is a desktop shortcut that is distributed by email. The user can drag the icon from the email to their desktop. | With a click of the application passport and a click of the welcome icon, the user is rapidly signed into their branch welcome page. The benefit to the user is self-evident, but it will only work after they have correctly signed off their previous session. |
Passport | A desktop icon is clicked to open the person's private passport, which shows a number of key factors including the date and time when they last signed in and last signed off. Where the person has correctly signed off after they signed in, they are shown a welcome icon; clicking the welcome icon signs them into a branch welcome page. Where the person has not signed off correctly, they are shown a sign-in icon that opens the normal sign-in page. |
Future | Working with security industry engineers has shown that anything less than a 30-character pass phrase will become unacceptable in the next five years. This makes authentication a significant human interaction issue that is not going to get easier. | Bespoke application services are used in very special ways that enable many internal layers of security to be implemented. These benefits enable an application passport to be offered to selected people using selected computers in selected locations between selected hours of the day and for selected days of the week. People who need a more flexible way of working may not be able to be offered the passport service and will be obliged to continue with the normal sign-in service. |
Message 1 | Thank you for securing your identity by signing off in the correct way, you are now signed in and may click your branch welcome icon below. |
Message 2 | Sorry but because you failed to sign off you are responsible for a security vulnerability where a criminal could steal your identity. This passport will be reactivated after you sign-in and sign-off in the correct way. |
Environment | A person who is offered a passport will work with a dedicated computer in a fixed location for certain hours of the day and certain days of the week. The person will log in to their local computer using a company-assigned password that is changed each month. The person will log in to the Internet (proxy server) using a company-assigned password that is fit for purpose. | The person will be known to bespoke application services with local encrypted data that indirectly authenticates the person. When all factors are complete and correct, sign-in is validated and the person is shown their branch welcome page. |
Exceptions | Where more than one person uses the same computer, the passport cannot be offered. Where a person works from more than one location, the passport will not work. Where a person works unpredictable hours of the day or days of the week, the passport will not work. |
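
The passport decision described in the Passport, Environment and Exceptions rows can be written as a single fail-closed check. This is an added example, not the application service's own code; the field names, reason strings and sample values are assumptions, and the permitted hours are assumed not to cross midnight.

```python
from dataclasses import dataclass
from datetime import datetime, time
from typing import Optional

@dataclass(frozen=True)
class PassportPolicy:
    # All field names are assumptions made for this example.
    computer_id: str          # the one dedicated computer
    location: str             # the one fixed location
    start: time               # earliest permitted time of day
    end: time                 # latest permitted time (same day)
    weekdays: frozenset       # permitted days, 0 = Monday
    shared_computer: bool = False

def passport_decision(policy: PassportPolicy,
                      last_sign_in: Optional[datetime],
                      last_sign_off: Optional[datetime],
                      computer_id: str, location: str, now: datetime):
    """Return ("welcome", "ok") or ("sign_in", reason). Fails closed."""
    if policy.shared_computer:
        return ("sign_in", "shared_computer")
    if computer_id != policy.computer_id:
        return ("sign_in", "wrong_computer")
    if location != policy.location:
        return ("sign_in", "wrong_location")
    if now.weekday() not in policy.weekdays:
        return ("sign_in", "outside_days")
    if not (policy.start <= now.time() <= policy.end):
        return ("sign_in", "outside_hours")
    # Missing timestamps, or a sign-in with no later sign-off, mean the
    # previous session was not closed correctly (the Message 2 case).
    if last_sign_in is None or last_sign_off is None:
        return ("sign_in", "not_signed_off")
    if last_sign_off <= last_sign_in:
        return ("sign_in", "not_signed_off")
    return ("welcome", "ok")

# Constructed sample data: a Monday-to-Friday, 08:00-18:00 policy.
POLICY = PassportPolicy("PC-0042", "branch-a", time(8, 0), time(18, 0),
                        frozenset(range(5)))
MON_IN = datetime(2024, 3, 4, 9, 0)
MON_OFF = datetime(2024, 3, 4, 17, 30)
TUE_NOW = datetime(2024, 3, 5, 8, 55)

if __name__ == "__main__":
    print(passport_decision(POLICY, MON_IN, MON_OFF,
                            "PC-0042", "branch-a", TUE_NOW))
```

Every failed factor falls back to the normal sign-in page, so a missing or inconsistent record never grants the two-click sign-in.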