Friday, July 04, 2008

Online Portals

An increasing number of online government applications use the NRIC numbers of users as login IDs. The online portal will normally log the users out after a fixed number of unsuccessful login attempts and therein lies the flaw in the system. As the entire concept of the online portal is premised on the belief that NRIC numbers are supposed to be confidential, only to be known to the user, once the NRIC No. of a user is made known either inadvertently or not to a third party with malicious intents, the third party may deliberately keys in the password wrongly so as to log out the genuine user and renders him inconvenience in spending time and effort to reset his password from the portal administrator.

No comments :

Total Pageviews