In short, * You want to make sure the browsers people use are secure. In such transactions, much security is left up to the browser. Make sure up-to-date browsers are used. * Look for any time during the registration when the user information is transmitted in the clear. It should not be. * Does it depend on a password? Then it is only as strong as the passwords people use. Obvious ones? Guessable? * How does it handle repeated access failures (like someone trying to guess)? * Does it leave around any usable information on the browser system? If people use this at an airport kiosk, can someone immediately behind them access your system(s)? * Strength of encryption used. Is it better than 40 bit or 56 bit secret key crypto?
Dig Deeper on Web Authentication and Access Control
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.