On the user devices, there are many requirements that organizations should put on devices to ensure ID theft is minimized. Only when the requirements are met should a user gain access to the network. Some of these requirements could include:

• Anti-virus software is installed and up-to-date.
• Spyware and Trojan checking software is installed.
• Latest operating system and patches are installed.
• Device is approved for entry.

Other things that could be checked, depending on the situation, are network configuration settings, domain and registry settings, and open ports on the device.

To minimize ID theft, security needs to start at the end point, and only when the end-point is secure should users be allowed to proceed with entering user names and passwords.

Preventing others from using your identity

A big step that organizations can do to ensure that trust is established between users and applications is to implement stronger authentication methods. The most basic authentication methods are very easy to break, even for novice hackers and password cracking tools, but enforcing strong one-factor authentication, coupled with two- or three-factor authentication can virtually guarantee ID theft is minimized due to the sensitive and unique nature of the authentication methods.


Basic authentication requires users to input a username and a password, and everything will be available to them, including sensitive and confidential information. But making the distinction on how users authenticate is a big step in stopping sensitive information being stolen. For example, an organization could set the policy that if a user uses one-factor authentication, they will only have access to the most basic information, such as e-mail, but if the user uses higher levels of authentication then more applications and data will be available to them, such as e-mail, sales systems, purchasing systems, etc.

A large percentage of stolen data comes from unhappy employees who leave backdoors open to themselves where they only need the right username and password to get access to everything, after they have left the organization. With two-factor authentication, requiring the user to own a unique possession, such as PDA, mobile phone, or hardware token (usually a password generating device issued by a third party) , would make it much harder for disgruntled employees to hack their way back into systems to cause damage.

Highly sensitive systems could even require an extra level of protection adding in bio-metric authentication, where the user needs to use a physical attribute unique to them, such as their iris or finger print.