0

hi, i have a system ans it is that users logs in with username and password ..

and this is a risk since users can log in with others account.. now as a mitigation(avoid the risk) i listed that users can log in using finger print.

now i have to list a contingency action (if risk happens what to do ) ... what can i do if risk happen (users logs in with others account ??)

2
Contributors
5
Replies
6
Views
5 Years
Discussion Span
Last Post by sufyan2011
0

You can do it as following:

When creating user profile, (if user is required to give fingerprints) after taking the finger print, match it with already stored finger prints in database (finger print is unique for every person in world), if finger print matches with any finger print in DB, it means person has more than one account in your system. Attach the new user account with previously stored finger print database. Rule of thumb, There should be only one finger print for all user accounts for singer person.

Some time to mitigate the risk, we have to take some pre-cautions. We have to narrow down our system rules.

Hope this would help.

0

thanks .. but the risk is that users logs in with outer users account (user name and password) .. if this risk happens what can i do ??

since the finger print is a suggestion to minimize the risk ..

0

Well in this case, if you recongnise user has more than one account and user is not login with his primary account from where s/he supposed to be logon. You can raise expcetion/ show message/ that you are not login with your primary account and you cannot use the system. It depends on your business logic.

0

thanks .. this case is of a supermarket where customers lo in with their user name and password .and as a risk i listed that they can log in with others user name and password

0

I don't know that you are working for any company and is this professional project or a school assignment? But each super store has a single customer profile. e.g. if you know Best Buy, PC Richard or Walmart the big stores in USA. They make customer profile and this profile is based on customer ID (Driving License) or SSN (Social Security Number). Each customer has unique ID and SSN so there could be NO duplicate customer profile.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.