Spoiler from the report's title: the use of strong authentication has increased because of the threat of new risks and regulatory requirements.
The research firm Javelin Strategy & Research has published the report "The State of Strong Authentication 2019".
Anyone interested in the present, past and future of authentication in enterprise and consumer applications is welcome.
From the translator
Unfortunately, the language this report is written in is quite "dry" and formal. And the use of the word "authentication" XNUMX times in one short sentence is not the translator's crooked hands (or brains) but the authors' whim. When translating from XNUMX options, giving readers a text closer to the original or a more interesting one, I sometimes chose the first and sometimes chose number XNUMX. But be patient, dear readers: the content of the report is worth it.
Some unnecessary parts that were not important to the story have been removed; otherwise most readers would not have been able to get through the whole text. Those who want to read the report "uncut" can follow the link and read it in the original language.
Unfortunately, the authors are not always careful with terminology. One-time passwords (One Time Password, OTP) are sometimes called "passwords" and sometimes "codes". With authentication methods it is even worse. For an untrained reader it is not always easy to guess that "authentication using cryptographic keys" and "strong authentication" are the same thing. I tried to unify the terms as far as possible, and the report itself describes its terms only in fragments.
Nevertheless, the report is strongly recommended reading, because it contains unique research results and correct conclusions.
All figures and facts are presented without the slightest change; if you disagree with them, argue with the report's authors rather than with the translator. My own comments (laid out as quotations and marked in the text in italics) are my value judgments, and I will gladly discuss each of them (as well as the quality of the translation).
Overview
Today digital channels for communicating with customers matter more than ever to businesses. Inside the company, too, communication between employees is more digitally oriented than ever. How secure these interactions are depends on the user authentication method chosen. Attackers exploit weak authentication to compromise user accounts at scale. In response, regulators are tightening standards to make businesses better protect user accounts and data.
Authentication-related threats extend beyond consumer applications: attackers can also gain access to applications running inside the enterprise, which lets them impersonate corporate users. Attackers using access points with weak authentication can steal data or carry out other fraudulent activity. Fortunately, there are measures to counter this. Strong authentication helps to significantly reduce the risk of attack on both consumer applications and enterprise business systems.
This study examines how enterprises implement authentication to protect end-user applications and enterprise business systems; the factors they consider when choosing an authentication solution; the role strong authentication plays in their organizations; and the benefits these organizations gain.
Summary
Key findings
Since 2017 the use of strong authentication has grown sharply. As the number of vulnerabilities affecting traditional authentication solutions grows, organizations are strengthening their authentication capabilities with strong authentication. The number of organizations using cryptographic multi-factor authentication (MFA) has grown 50-fold since 2017 for consumer applications and by nearly XNUMX% for enterprise applications. Mobile authentication is growing fastest, owing to the increasing availability of biometric authentication.
This is a good illustration of the saying "until the thunder strikes, a man will not cross himself." When experts warned about how insecure passwords are, nobody hurried to introduce two-factor authentication. As soon as hackers started stealing passwords, people began implementing XNUMX-factor authentication.
True, individuals are adopting 2FA much more actively. First, it is easier for them to calm their fears by relying on the biometric authentication built into smartphones, which in fact is very unreliable. Organizations have to spend money buying tokens and do the work (actually very simple) of deploying them. Second, only the lazy have not written about password leaks from services such as Facebook and Dropbox, but the CIOs of these organizations will under no circumstances share stories of how passwords were stolen inside their organizations (and what happened next).
Companies that do not use strong authentication underestimate the risk to their business and customers. Some organizations not currently using strong authentication tend to regard login and password as XNUMX of the most effective and easy-to-use methods of user authentication. Others do not understand the value of the digital assets they own. It is worth bearing in mind that cybercriminals are interested in any consumer or corporate information. A XNUMX/XNUMX share of the companies that use only passwords to authenticate employees do so because they believe passwords are good enough for the type of information they protect.
However, passwords are on their way to the grave. As organizations increase their use of traditional MFA and strong authentication, dependence on passwords has dropped significantly over the past 44 years for both consumer and enterprise applications (from 31% to 56% and from 47% to XNUMX%, respectively).
But looking at the overall picture, vulnerable authentication methods still prevail. For user authentication, about XNUMX/5 of organizations use SMS OTP (one-time passwords) and security questions. As a result, additional security measures have to be implemented to guard against the vulnerabilities, which increases costs. Much more secure authentication methods, such as hardware cryptographic keys, are used far less often, by about XNUMX% of organizations.
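The evolving regulatory environment is expected to accelerate the adoption of strong authentication for consumer applications. With the introduction of PSD2 and of new data protection rules in the EU and in several US states such as California, companies are feeling the heat. Nearly 70% of companies agree that they face strong regulatory pressure to provide strong authentication to their customers. More than half of enterprises believe that within a few years their authentication methods will no longer meet regulatory standards.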
The difference in approach between Russian and American/European legislators to protecting the personal data of users of programs and services is plain to see. The Russians say: dear service owners, do whatever you like however you like, but if your admin leaks the database, we will punish you. Abroad they say: you must implement a set of measures that will not allow the database to be leaked. That is why requirements for strict XNUMX-factor authentication are being implemented there.
True, it is by no means certain that our legislative machine will not one day come to its senses and take Western experience into account. Then it will turn out that everyone needs to implement 2FA that complies with Russian cryptographic standards, and urgently.
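Establishing a strong authentication framework lets companies shift their focus from meeting regulatory requirements to meeting customer needs. For organizations that still use simple passwords or receive codes via SMS, the most important factor in choosing an authentication method is compliance with regulatory requirements. Companies that already use strong authentication, however, can concentrate on choosing the authentication methods that increase customer loyalty.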
When choosing an authentication method for use inside the enterprise, regulatory requirements are no longer a significant factor. Here ease of integration (32%) and cost (26%) matter much more.
In the age of phishing, attackers can use corporate email for fraud: to gain fraudulent access to data and accounts (with the appropriate access rights), or even to persuade employees to transfer money to the attacker's account. Corporate email and portal accounts therefore need to be especially well protected.
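Google has strengthened its security by implementing strong authentication. More than 2 years ago, Google published a report on implementing 000-factor authentication based on cryptographic security keys using the FIDO U85F standard, and reported impressive results. According to the company, not a single phishing attack has been carried out against more than XNUMX employees.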
Recommendations
Implement strong authentication for mobile and online applications. Multi-factor authentication based on cryptographic keys protects against compromise far better than traditional MFA methods. Cryptographic keys are also much more convenient, because there is no need to use and transfer additional information, such as passwords, one-time passwords or biometric data, from the user's device to the authentication server. In addition, standardizing authentication protocols makes it much easier to implement new authentication methods as they become available, reducing implementation costs and protecting against more sophisticated fraud schemes.
Prepare for the demise of one-time passwords (OTP). The vulnerabilities inherent in OTP are becoming increasingly apparent as cybercriminals use social engineering, smartphone cloning and malware to compromise this means of authentication. And if OTP has certain advantages in some cases, it is only in terms of universal availability to all users, not in terms of security.
It is impossible not to notice that receiving codes by SMS or push notification, as well as generating codes with a smartphone program, is use of those same one-time passwords (OTP) whose retirement we are told to prepare for. Technically the decision is quite right: it is a rare fraudster who does not try to coax a one-time password out of a gullible user. But I think the makers of such systems will cling to the dying technology to the last.
Use strong authentication as a marketing tool to increase customer trust. Strong authentication does more than improve the actual security of your business. Telling customers that your business uses strong authentication can strengthen the public perception of its security, an important factor when there is significant customer demand for strong authentication methods.
Conduct a thorough inventory and criticality assessment of corporate data, and protect it according to its importance. Even low-risk data such as customer contact information (no, really, the report says "low-risk"; it is very strange that they underestimate the importance of this information) can be of great value to fraudsters and cause problems for the company.
Use strong enterprise authentication. A number of systems are the most attractive targets for criminals. These include internal and internet-connected systems such as accounting programs and corporate data warehouses. Strong authentication prevents unauthorized access by attackers and also makes it possible to determine exactly which employee carried out malicious activity.
What is strong authentication?
With strong authentication, several methods or factors are used to verify the user's authenticity:
- Knowledge factor: a secret shared between the user and the party that authenticates the user (passwords, answers to secret questions, etc.)
- Ownership factor: a device that only the user possesses (a mobile device, a cryptographic key, etc.)
- Inherence factor: the user's physical (often biometric) characteristics (fingerprint, iris pattern, voice, behaviour, etc.)
The need to defeat several factors greatly increases the likelihood that an attacker fails, because bypassing or deceiving different factors requires a different kind of attack tactic for each factor.
For example, with "password + smartphone" 2FA, an attacker can authenticate by finding out the user's password and making an exact copy of the software on the user's smartphone. That is far harder than simply stealing a password.
But if a password and a cryptographic token are used for 2FA, the copying option does not work: the token cannot be duplicated. The fraudster would have to steal the token from the user unnoticed. If the user notices the loss in time and notifies the administrator, the token is blocked and the fraudster's effort is wasted. This is why the ownership factor calls for a dedicated secure device (a token) rather than a general-purpose device (a smartphone).
Using all XNUMX factors makes the authentication method very expensive to implement and very inconvenient to use. Therefore XNUMX of the XNUMX factors are normally used.
The principles of two-factor authentication are described in more detail here, in the "How XNUMX-factor authentication works" block.
It is important to note that at least XNUMX of the authentication factors used in strong authentication must use public-key cryptography.
Strong authentication provides much stronger protection than single-factor authentication based on classic passwords, and than traditional MFA. Passwords can be spied on or intercepted using keyloggers, phishing sites or social engineering attacks (in which the victim is tricked into revealing the password). Moreover, the password's owner will know nothing of the theft. Traditional MFA (including OTP codes and binding to a smartphone or SIM card) can also be compromised quite easily, because it is not based on public-key cryptography (incidentally, there are many cases in which fraudsters, using the same social engineering techniques, persuaded users to hand over a one-time password as well).
Fortunately, since last year the use of strong authentication and traditional MFA has been gaining ground in both consumer and enterprise applications. The use of strong authentication in consumer applications has grown particularly fast. Whereas only 5% of companies used it in 2017, by 2018 the figure was already 16 times higher, at 2%. This can be explained by the increased availability of tokens that support public-key cryptography (PKC) algorithms. In addition, growing pressure from European regulators following the introduction of new data protection rules such as PSDXNUMX and GDPR has had a strong effect even outside Europe (including in Russia).
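Let us look at these numbers more closely. As we can see, the share of individuals using multi-factor authentication grew by an impressive 11% over the year. And this clearly happened at the expense of password lovers, since the number of those who believe in the security of push notifications, SMS and biometrics has not changed.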
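With two-factor authentication for corporate use, however, things are not so good. First, according to the report, only 5% of employees were moved from password authentication to tokens. Second, the number of those using alternative MFA options in the corporate environment grew by 4%.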
I will try playing analyst and offer my own interpretation. At the centre of the individual user's digital world is the smartphone. So it is no wonder that most people use the capabilities the device gives them: biometric authentication, SMS and push notifications, and one-time passwords generated by applications on the smartphone itself. People do not usually think about safety and reliability when using the tools they are used to.
That is why the share of users of primitive "traditional" authentication factors remains unchanged. But those who previously used passwords understand how much risk they are running, and when choosing a new authentication factor they opt for the newest and most secure option: the cryptographic token.
In the corporate market, it is important to understand which system the authentication is being performed in. If login to a Windows domain is being implemented, cryptographic tokens are used. The ability to use them for 2FA is already built into both Windows and Linux, whereas implementing alternative options is long and difficult. So much for the 5% migration from passwords to tokens.
The implementation of 2FA in a corporate information system, meanwhile, depends heavily on the qualifications of its developers. And it is much easier for developers to take a ready-made module that generates one-time passwords than to understand how cryptographic algorithms work. As a result, even highly security-critical applications such as single sign-on or privileged access management systems use OTP as factor number XNUMX.
Traditional authentication methods have many vulnerabilities
While many organizations still rely on legacy single-factor systems, the vulnerabilities of traditional multi-factor authentication are also becoming increasingly apparent. One-time passwords, typically XNUMX to XNUMX characters long and delivered via SMS, remain the most common form of authentication (apart from the password factor, of course). And when the popular press mentions "XNUMX-factor authentication" or "XNUMX-step verification", it almost always means SMS one-time password authentication.
Here the author is slightly mistaken. Delivering a one-time password via SMS has never been XNUMX-factor authentication. In its purest form it is stage XNUMX of XNUMX-step authentication, where stage XNUMX is entering the login and password.
In 2016 the National Institute of Standards and Technology (NIST) updated its authentication rules to eliminate the use of one-time passwords sent via SMS. However, following industry protests these rules were significantly relaxed.
So, let us follow the plot. The American regulator rightly recognizes that outdated technology cannot keep users safe and introduces new standards, standards designed to protect users of online and mobile applications (including banking ones). The industry works out how much money it will have to spend buying truly reliable cryptographic tokens, redesigning applications and deploying a public key infrastructure, and rears up on its hind legs. On the one hand users were assured that one-time passwords are reliable; on the other, NIST came under attack. As a result the standard was softened, and the number of break-ins and thefts of passwords (and of money from banking applications) rose sharply. But the industry did not have to fork out.
Since then the weaknesses inherent in SMS OTP have become even more apparent. Fraudsters use a variety of methods to compromise SMS messages:
- SIM card duplication. Attackers create a copy of the SIM (with the help of mobile operator employees, or on their own using special software and hardware). As a result the attacker receives the SMS containing the one-time password. In one particularly well-known case, hackers even managed to compromise the AT&T account of cryptocurrency investor Michael Terpin and steal nearly 240,000 dollars in cryptocurrency. Terpin subsequently stated that AT&T was at fault because of the weak verification measures that led to the duplication of the SIM card.
Amazing logic. So is it really only AT&T's fault? No, it is undoubtedly the mobile operator's fault that salespeople in its stores issued a duplicate SIM card. But what about the cryptocurrency exchange's authentication system? Why did it not use strong cryptographic tokens? Was it a pity to spend money on deployment? And isn't Michael himself to blame? Why did he not insist on changing the authentication mechanism, or use only exchanges that implement XNUMX-factor authentication based on cryptographic tokens?
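The introduction of truly reliable authentication methods is being delayed precisely because users show astonishing carelessness before they are hacked, and afterwards blame their troubles on anyone and anything other than ancient and "leaky" authentication technology.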
- Malware. XNUMX of the earliest functions of mobile malware was to intercept text messages and forward them to attackers. In addition, man-in-the-browser and man-in-the-middle attacks can intercept one-time passwords when they are entered on infected laptops or desktop devices.
When the Sberbank application on your smartphone blinks a green icon in the status bar, it is also looking for "malware" on your smartphone. The goal of this exercise is to turn the untrusted execution environment of a typical smartphone into one that is trusted at least in some way.
Incidentally, the smartphone, a completely untrusted device on which anything can be done, is XNUMX more reason to use only hardware tokens for authentication: they are protected, and safe from viruses and Trojans.
- Social engineering. When fraudsters learn that a victim has OTP via SMS enabled, they can contact the victim directly, posing as a trusted organization such as a bank or credit union, and trick the victim into giving up the code just received.
I have personally run into this kind of fraud many times, for example when trying to sell something on a popular online flea market. I myself made fun of the fraudster who tried to fool me to my heart's content. But alas, I regularly read in the news how yet another fraud victim "did not think", gave away the confirmation code and lost a large sum. And all because the bank simply does not want to deal with implementing cryptographic tokens in its applications. After all, if something happens, the customers "have only themselves to blame".
Alternative OTP delivery methods can mitigate some of the vulnerabilities of this authentication method, but other vulnerabilities remain. Standalone code-generating applications are the best protection against interception, since even malware can hardly interact directly with the code generator (seriously? Did the report's authors forget about remote control?), but OTPs can still be intercepted when entered into a browser (for example with a keylogger) or through a compromised mobile application, and can also be obtained directly from the user by social engineering.
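Using several risk assessment tools, such as device recognition (detecting attempts to perform transactions from devices that do not belong to the legitimate user), geolocation (a user who has just been in Moscow tries to perform an operation from Novosibirsk) and behavioural analytics, is important for addressing the vulnerabilities, but none of these solutions is a panacea. For each situation and type of data, the risks must be carefully assessed and the authentication technology chosen accordingly.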
No authentication solution is a panacea
Figure 2. Table of authentication options
Authentication | Factor | Description | Key vulnerabilities |
Password or PIN | Knowledge | A fixed value that can include letters, numbers and other characters | Can be intercepted, spied on, stolen, guessed or hacked |
Knowledge-based authentication | Knowledge | Questions whose answers only the legitimate user can know | Can be intercepted, guessed, or obtained using social engineering methods |
Hardware OTP | Ownership | A special device that generates one-time passwords | The code can be intercepted and replayed, or the device can be stolen |
Software OTP | Ownership | An application (mobile, accessed through a browser, or sending codes by email) that generates one-time passwords | The code can be intercepted and replayed, or the device can be stolen |
SMS OTP | Ownership | A one-time password delivered by SMS text message | The code can be stolen and replayed, the smartphone or SIM card can be stolen, or the SIM card can be duplicated |
Smart card | Ownership | A card containing a cryptographic chip and secure key storage that uses a public key infrastructure for authentication | Can be physically stolen (but an attacker cannot use the device without knowing the PIN code; after several incorrect entry attempts the device is blocked) |
Security key (token) | Ownership | A USB device with a cryptographic chip and secure key storage that uses a public key infrastructure for authentication | Can be physically stolen (but an attacker cannot use the device without knowing the PIN code; after several incorrect entry attempts the device is blocked) |
Device binding | Ownership | A process that creates a profile, often using JavaScript or markers such as cookies and Flash shared objects, to confirm that a particular device is being used | Tokens can be stolen (copied), and the characteristics of a legitimate device can be imitated by an attacker on their own device |
Behaviour | Inherence | Analyses how the user interacts with a device or program | Behaviour can be imitated |
Fingerprint | Inherence | A stored fingerprint is compared with one captured optically or electronically | The image can be stolen and used for authentication |
Eye scan | Inherence | Compares characteristics of the eye, such as the iris pattern, with a new optical scan | The image can be stolen and used for authentication |
Face recognition | Inherence | Compares facial characteristics with a new optical scan | The image can be stolen and used for authentication |
Voice recognition | Inherence | Compares characteristics of a recorded voice sample with a new sample | The recording can be stolen and used for authentication, or emulated |
In the second part of this publication the tastiest part awaits us: the figures and facts on which the conclusions and recommendations given in the first part are based. Authentication in user applications and in corporate systems will be discussed separately.
Source: habr.com