It is a known fact that terrorists are developing a keen set of technology skills to further their agendas. As previously stated, they use IT for their operational purposes as well as for launching attacks. In the IT domain, identification/authentication of a user is the first step in gaining access to system resources. Identity theft attacks are the simplest way to accomplish this objective, as was discussed in the preceding chapter. In these times of increased security awareness, IT managers must examine very carefully their identification and authentication subsystems to prevent the disabling or bypassing of the system by an unauthorized party. In this section, we will discuss identification, authentication methods, access control, and how to strengthen these methods for added resistance against possible attacks.