Is a digital watermark a legitimate authentication factor?

Identity management and access control expert Joel Dubin explores how reliable a digital watermark is when acting as a authentication factor.

Joel Dubin

What are digital watermarks, and are they legitimate authentication factors?

A digital watermark is a hidden seal that is embedded in a digital image, recording, document or even a Web page. It is created by making bit-level embedded code changes that are invisible to users, though some newer watermarking systems use cryptography that make it easier to catch those who try to make an illegal copy of the protected material. It is meant to prove authenticity, but as I'll explain, a digital watermark is not necessarily a legitimate authentication factor.

An authentication factor is something used to prove someone's identity, such as a user ID and password, a one-time...

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

password (OTP) token or smart card. Biometric devices are another possibility; they measure a unique physical characteristic of a user, like their fingerprint, voice or face. The key difference is that an authentication factor is unique to the individual, while a digital watermark is unique to a piece of content. Also, an authentication factor is used for granting access, while a watermark is meant for tracking malicious use, like the illegal copying of copyrighted data.

On the surface, it might appear that a digital watermark embedded in an image in a Web site could be used to protect against phishing attacks. The hidden watermark could be used to identify a legitimate Web site, distinguishing it from a bogus phishing site used for stealing credentials.

But as with anything else on a Web page, the watermark -- especially if it is not encrypted -- could be lifted inadvertently by a clever phisher that builds a mirror image of a targeted Web site. Since the watermark identifies the site, not the user, it doesn't really identify anybody. So while digital watermarking can be an effective tool for protecting copyrighted digital media, it shouldn't be used for authenticating systems.

For more information:

To learn more about authentication, visit SearchSecurity.com's Identity and Access Management School.

In this SearchSecurity.com Q&A, Joel Dubin explores the differences of risk-based authentication vs. static authentication.

This was last published in April 2007

Dig Deeper on PKI and digital certificates

5 digital workspace components to look for The ideal digital workspace should handle a variety of tasks. By focusing on these five digital workspace components, IT pros can find the right platform to meet their needs.

steganography Steganography (pronounced STEHG-uh-NAH-gruhf-ee, from Greek steganos, or "covered," and graphie, or "writing") is the hiding of a secret message within an ordinary message and the extraction of it at its destination.

Can IT add digital watermarks to its virtual desktops? As part of a larger security strategy, watermarking virtual desktops can help IT discourage data leakage by adding user-specific text to each desktop.

Do two-factor authentication vulnerabilities outweigh the benefits? Two-factor authentication vulnerabilities are a real concern, but should they deter enterprises from deploying 2FA? Expert Michael Cobb discusses.

Security Think Tank: Your sensitive information is at risk The rapid rise in cyber espionage highlights the need to rethink data security strategies to improve protection of intellectual property. But what is the best way of doing that?

The advantages of digital watermarking in enterprise data protection Expert Michael Cobb explains the advantages of digital watermarking and analyzes whether improved data security is one of them.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Information Security experts

View all Information Security questions and answers

Please create a username to comment.

How to implement zero-trust cloud security

AWS Access Analyzer aims to limit S3 bucket exposures

How to evaluate CASB tools for multi-cloud deployments

4 SD-WAN vendors integrate with AWS Transit Gateway

Assess the Wi-Fi 6 features available in Wave 1 and Wave 2

3 networking startups rearchitect routing

Shell, Halliburton, Unibap AB execs share real-world AI strategies

What's the difference between RPA and IPA?

The technological evolution of IT industry leaders: 2000 - 2020

Microsoft extends Office 365 benefit to nonprofit volunteers

Cut through confusion of the digital workspace market

Windows 10 issues top list of most read stories for IT pros

Review these Azure Service Bus best practices

Instill cloud change management best practices

How much cloud does an IT disaster recovery plan need?

FCO to boost cloud analysis setup

Tories plan electronic visa waiver for EU citizens

Dutch government must sort IT mess as priority

Dig Deeper on PKI and digital certificates

Related Q&A from Joel Dubin

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.