United States Nuclear Regulatory Commission - Protecting People and the Environment

Security Concerns

How is my Digital ID Certificate/private key protected?

Your private key is protected in two ways:

  1. It is stored on your computer's hard drive so you can control access to it.
  2. When you generate your private key, the software you use (such as your browser) will probably ask you for a password. This password protects access to your private key. For Microsoft Explorer users, your private key is protected by your Windows password.

A third party can access your private key only by 1) having access to the file your key is stored in (which is usually part of your system's configuration information) and 2) knowing your private password. Some software permits you to choose to not have a password protect your private key. If you use this option, then you are trusting that no one, presently or in the future, will have unauthorized access to your computer.

In general, it is far easier to use a password than to completely safeguard your computer physically. Not using a password is like pre-signing all of the checks in your checkbook and then leaving it open on your desk.

How do I protect my Digital ID Certificate/private key?

Protect your computer from unauthorized access by keeping it physically secure. Use access control products or operating system protection features (such as a system password). Take measures to protect your computer from viruses, because a virus may be able to attack a private key. Always choose to protect your private key with a good password.

There are also two types of hardware devices available that are more secure than your hard drive for storing your private key. These are known as tokens (typically PCMCIA (Personal Computer Memory Card International Association) cards or special floppy disks) and smartcards. Contact your software vendor to see if it supports these devices.

It is your responsibility to protect your private key. Anyone who obtains your private key can forge your digital signature and take actions in your name!

My computer was stolen. What should I do to protect my Digital ID Certificate?

If your computer is stolen and contains your NRC-issued digital ID certificate, then you should revoke this certificate and enroll for a new certificate. Instructions for revoking your old digital ID certificate and enrolling for a new certificate are provided at the NRC website: Obtain a Digital ID Certificate.

If you are using Windows and Internet Explorer software and have followed recommended security procedures, then it is very unlikely that the thief will be able to use your digital ID certificate.  Your certificate should be protected both by your Windows logon password and your VeriSign® certificate password.

What if someone copies my Digital ID Certificate?

To maintain security, your private key should be protected by a password and never sent across any network. You want your digital ID certificate (which contains your public key) to be available to other users so that they can verify your right to use the digital certificate, decrypt messages that you have encrypted with your private key, and verify your digital signatures. Your digital ID certificate cannot be used without your private key.

If your digital ID certificate isn’t protected by its own password and you walk away from your computer while you are logged on, then someone could export your digital ID certificate and import this certificate to another computer and impersonate you. If you think someone may have copied your digital ID certificate, then you should revoke this certificate immediately and enroll for a new certificate. Instructions for revoking your old digital ID certificate and enrolling for a new certificate are provided at the NRC website: Obtain a Digital ID Certificate.

Copyright © 2000, VeriSign, Inc. All Rights Reserved

Page Last Reviewed/Updated Thursday, March 29, 2012