Organizations providing online authentication services need to ensure that access is granted only to the relevant authorized users, and that this is done effectively and efficiently. BS 8626 is a new British Standard on how to design and operate an online user identification system (OUIS). It applies where the user initiates the identification/authentication process for an online service supplied by a relying party (RP).
BS 8626 also describes various categories of authentication methods, together with their inherent vulnerabilities.
Note: BS 8626 does not give recommendations for single sign-on systems, digital identity federation schemes, password managers and password generation software, or attribute sharing between organizations in a contractual relationship. The de-identification of data relating to digital identity is outside the scope of this standard; guidance on that topic is given in BS ISO/IEC 20889. The standard also does not cover security controls in networks, intelligent computers, operating systems, application software and supporting utilities, or input devices.
BS 8626 on online user identification systems is useful for:
BS 8626 covers customers in all sectors, particularly in financial services.
BS 8626 helps you understand the categories of user identification system, and describes the three types in detail: knowledge-based, possession-based and biometric-based. It makes recommendations for selecting a new user identification system or enhancing your current one.
In addition, BS 8626 highlights the inherent vulnerabilities of each category. BS 8626 provides recommended measures to mitigate the potential exploitation of these identified vulnerabilities.
BS 8626 also assists in developing a risk mitigation strategy as part of a supporting performance management strategy and plan, and gives recommendations and guidance on addressing the cost challenges of running these systems.
Recommendations given for establishing or revising an OUIS include: