Issue No. 06 - November-December (2003 vol. 1)
Simson L. Garfinkel , Massachusetts Institute of Technology
<p>Email-Based Identification and Authentication (EBIA) is an emerging alternative to Public Key Infrastructure (PKI). Although EBIA has obvious weaknesses, it can still provide functional security when used within a limited context. This article presents background on personal identifiers and authentication techniques, shows why the misuse of the Social Security Number (SSN) as an authenticator has led in part to the emergence of identity theft, argues why EBIA overcomes many of the problems inherent in the use of SSNs without imposing the cost or usability burden associated with PKI, and presents best practices for using EBIA in a business or government context.</p>
EBIA, PKI, Email Security, Identity Theft, Social Security Numbers (SSNs)
S. L. Garfinkel, "Email-Based Identification and Authentication: An Alternative to PKI?," in IEEE Security & Privacy, vol. 1, no. , pp. 20-26, 2003.