
Unit 9.2

Unauthorized Access and Protection

IT 231: IT and Application

🎯 Learning Objectives

By the end of this session, you will be able to:

  • ✅ Define what constitutes unauthorized access.
  • ✅ Describe the three main types of authentication factors.
  • ✅ Explain the importance of strong passwords and two-factor authentication (2FA).

🔍 The Core Problem: Unauthorized Access

Unauthorized Access: The act of gaining access to a computer system, network, or data without permission.

This is a major security threat that can lead to:

  • Data Theft (personal, financial, corporate)
  • Identity Fraud & Financial Loss
  • System Damage or Disruption

🛡️ Our Defense: Access Control & Authentication

Access Control

The process of restricting who can access a resource.

It's like having a lock on your door.

Authentication

The process of verifying a user's identity.

It's the key that opens the lock.

Access control is the goal; authentication is the method.

📊 The Three Factors of Authentication

Authentication relies on verifying one or more "factors" to prove your identity.

1. Something You Know

Information only you should know.

Examples:

  • Password
  • PIN

2. Something You Have

A physical object in your possession.

Examples:

  • ATM Card
  • Security Token

3. Something You Are

A unique physical trait (biometrics).

Examples:

  • Fingerprint
  • Face ID

🧠 Factor 1: Something You Know

This is the most common factor, but often the weakest link in security.

🤔 Discussion: What makes a password "strong"?

  • Length (12+ characters)
  • Complexity (upper, lower, numbers, symbols)
  • Uniqueness (not reused across sites)

📱 Factor 2: Something You Have

This factor requires you to possess a physical item to prove your identity.

Physical Tokens

  • ATM / Smart Cards
  • Hardware Security Keys (e.g., YubiKey)
  • Company ID Badges

Digital/Virtual Tokens

  • One-Time Passwords (OTP) sent to your phone
  • Authenticator App codes (Google Authenticator, Authy)

🧬 Factor 3: Something You Are

Biometrics: Authentication using unique physical or behavioral characteristics.

Common Examples

  • Fingerprint Scans
  • Facial Recognition (Face ID)
  • Iris or Retina Scans
  • Voice Recognition

Privacy Concerns?

What are the risks if your biometric data is stolen? Unlike a password, you can't change your fingerprint!

⚡ Level Up: Two-Factor Authentication (2FA)

Two-Factor Authentication (2FA): A security method that requires two different factors to verify a user's identity.

Combining factors creates a layered, much stronger defense.

Example: Password (Know) + Code from Phone (Have) = Strong Security

Even if a hacker steals your password, they can't log in without your phone!

🌍 Practical 2FA in Nepal

You probably use 2FA every day without realizing it!

Banking & Digital Wallets

Logging into eSewa, Khalti, or your bank's app often requires:

  • Your password/MPIN (something you know)
  • An OTP sent to your Ncell/NTC number (something you have)

Government & Social Media

Securing your accounts on Nagarik App, Facebook, or Gmail:

  • Your password (something you know)
  • A code from an authenticator app or SMS (something you have)

📝 Summary & Key Takeaways

  • Unauthorized access is gaining entry without permission and is a serious threat.
  • Authentication is how we verify a user's identity to prevent this.
  • The three authentication factors are something you know, have, or are.
  • Two-Factor Authentication (2FA) provides the strongest security by combining two different factors.

Thank You!

Any Questions?


Next Topic: Unit 9.3 - Malware and Social Engineering
