Home  |  Abstract  |  Project Description  |  Project Goals  |  Risk
Risk
I m p a c t |
5 |
5 |
|
2 |
1 |
|
4 |
|
|
|
|
|
|
3 |
6 |
|
|
3 |
|
|
2 |
|
7 |
|
4 |
|
|
1 |
|
|
|
|
|
|
|
1 |
2 |
3 |
4 |
5 |
|
Probability |
No. |
Risk |
Mitigation |
1 |
Customer Trust Businesses and consumers may not trust an unknown company with their security needs. |
Conduct beta-testing with online accounts to certify the service. Emphasize the benefits that our service provides: secure, platform-agnostic access to multiple online accounts with virtual anonymity. |
2 |
Customer Sophistication Many users may not understand or be willing to use two-factor authentication. |
Ensure that we have a well-designed website with tutorials promoting the ease of use, security, and multi-account property of the authentication mechanism. Advertising campaigns are a possibility. Many companies already offer proprietary two-factor authentication systems, and their promotion of the technology will actually help us. |
3 |
Token Sales Dependency Relying on token sales to Internet users rather than fees from businesses could fail to provide sufficient revenue.
|
The tokens are intended to be loss leaders as we try to get them into the hands of as many users as possible. This should also increase the likelihood that businesses will adopt our service because it is free to early adopters. Once we obtain a sufficient volume of users to create a demand for our service among online vendors, our business plan calls for using this leverage to charge companies on a per user or per transaction basis. |
4 |
Viable Alternatives Viable and relatively inexpensive alternatives exist to reduce the password handling hassle, such as biometrics, software-based password managers, and proprietary two-factor authentication schemes.
|
Competition is a factor that we will address throughout the semester. Our position as a secure and inexpensive third party offering presents a compelling and unique benefit to both Internet users and online businesses that is as yet unmatched in the marketplace.
|
5 |
Token Loss CertAnon subscribers may be prevented from accessing their accounts due to token or server issues. |
Utilize 4 redundant geographically diverse servers. Provide temporary passwords as fallback authentication method. We would not be facing any more risk here than any other Internet service. |
6 |
Token Availability/Servers Inability of CertAnon to make tokens widely available throughout the United States or other markets.
|
Be flexible in the outlets through which we choose to make them available. We can also make them available online and offer Paypal as a payment option to limit the amount of personal information that we have to collect.
|
7 |
Government vs. Anonymity Government resistance to anonymity. (Anonymity may hinder law enforcement and national security concerns.)
|
Little opportunity for mitigation until we see what objections arise. Legal arguments made by encryption software providers would be relevant to our defense. |