Security Authentication
The process of security authentication can be defined as the process that identifies and verifies an entity or a person. It helps in ascertaining the identity of that person or entity. Most, if not all, online applications apply this process. Security authentication plays an instrumental role in safeguarding and protecting crucial data. Before an entity or an individual accesses their online banking, online shopping, or email account, they must first provide a login username and a password. The keying in of the login credentials is part of the authentication process. An entity or person attempting to access a password-protected account without the login credentials cannot do so. Therefore, authentication plays a vital role in safeguarding and securing crucial data (Chevassut, & Siebenlist, 2005).
The process of security authentication begins with the system requesting its user to identify himself by keying in both the username and the password. The system then authenticates the credentials provided by comparing them with the record it holds in its database. Once the system has authenticated the user's credentials, it authorizes the user to access the data of the account whose credentials have been authenticated (Infosecurity Europe, 2004). Most online and accounting applications are designed to trace every action of the user in the system. The user can only gain access to the data he is authorized to access and nothing more.
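The identify-verify-authorize sequence described above, as an added worked example that is not part of the original paper: the "database" is a constructed in-memory dictionary, the password is stored only as a salted PBKDF2 hash (an assumption about the storage format; the paper does not say how the system stores credentials), and the comparison is done in constant time so that neither a missing username nor a partially matching hash leaks through timing.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Constructed in-memory credential store: username -> (salt, password hash).
# A real system would keep this in a database table; it stays in memory here
# so the example runs offline.
USER_DB: Dict[str, Tuple[bytes, bytes]] = {}

# Work factor for PBKDF2-HMAC-SHA256; raise it as hardware gets faster.
PBKDF2_ITERATIONS = 100_000
DUMMY_SALT = b"\x00" * 16  # used only to equalise timing for unknown users


def _derive(password: str, salt: bytes) -> bytes:
    """Stretch the password with a per-user salt; the plaintext is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def register(username: str, password: str) -> None:
    """Enrol a user by storing (salt, hash) rather than the password itself."""
    salt = os.urandom(16)
    USER_DB[username] = (salt, _derive(password, salt))


def authenticate(username: str, password: str) -> bool:
    """Identify the user by username, then verify the password against the stored hash."""
    record: Optional[Tuple[bytes, bytes]] = USER_DB.get(username)
    if record is None:
        # Do the same amount of work for an unknown user so that response time
        # does not reveal which usernames exist.
        _derive(password, DUMMY_SALT)
        return False
    salt, expected = record
    candidate = _derive(password, salt)
    # Constant-time comparison: a byte-by-byte early exit would leak how many
    # leading bytes of the hash matched.
    return hmac.compare_digest(candidate, expected)


def authorize(username: str, account_owner: str) -> bool:
    """Authorization is a separate step: an authenticated user sees only his own data."""
    return username == account_owner


def run_demo() -> Dict[str, bool]:
    """Enrol one constructed user and exercise the three outcomes a login can have."""
    register("alice", "correct horse battery staple")
    return {
        "right_password": authenticate("alice", "correct horse battery staple"),
        "wrong_password": authenticate("alice", "wrong password"),
        "unknown_user": authenticate("mallory", "anything"),
        "own_account": authorize("alice", "alice"),
        "other_account": authorize("alice", "bob"),
    }


if __name__ == "__main__":
    for outcome, result in run_demo().items():
        print(f"{outcome}: {result}")
```

Only `right_password` and `own_account` come back `True`; the wrong password, the unknown user and the attempt to read another user's account all fail, which is the separation between authentication and authorization the paragraph describes.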
Reasons for Security Authentication
The growth of the internet and its contribution to business success has compelled information security experts to focus on security authentication. The simplicity of data access over the internet has also captured the attention of criminal elements who labour continually at spoofing and identity theft. Individuals and organizations alike have suffered serious liabilities inflicted upon them by these cyber criminals. Criminal elements embedded within the online community have made a habit of defrauding unsuspecting online shoppers and bankers. The runaway increase in online fraud has forced organizations to prioritize security authentication and data protection. Most organizations are concerned by the recent increase in hacking and phishing attacks.
A few years ago there were few online applications, and cyber fraud was kept to a minimum. Fast-forward to today and we have a myriad of online applications. It is argued that almost everything one can do offline has an online counterpart: banking, shopping, reporting tax and paying bills, among others. The availability of these services online simplifies life. However, it is understood that all online applications need secure authentication prior to granting access to their users.
Challenges inherent in Security Authentication
In a bid to secure an online application, the organization must strike a balance between usability and the security of the system. Simply put, an organization faces a trade-off between usability and a high level of security: the higher the level of security, the lower the acceptability and usability. The greatest challenge that organizations must contend with lies in finding a secure system that is acceptable to its users (Oppliger, 1996).
Users of online applications always desire an application that is easy to use and at the same time secure. Legislation has also been enacted to oblige companies to protect the data of their clients. This in effect ensures that online transactions are safe, but also makes them a bit complex; maybe too complex for the liking of most users (Oppliger, 1996). Users also desire to access data on mobile devices away from their workstations; this has forced information security experts to devise security systems that protect against a widened range of attack vectors. Some of the security threats to the modern-day organization include identity theft, phishing, spyware, keyloggers, and malware attacks.
Types of Authentication Systems
There are many authentication methodologies in existence, and they range in complexity from simple systems to complex systems. The level of security afforded by a system depends upon both the technique used in authentication and the manner in which that technique is deployed. The most common method of authentication is one that uses a username and a password. However, this is also considered the most insecure of the authentication methodologies. Of the many authentication methodologies, this paper will restrict itself to the discussion of authentication methods that involve up to three factors (Oppliger, 1996): knowledge, possession, and attribute. Knowledge authentication uses what the user knows, e.g. a PIN or password; possession authentication uses what a user possesses, e.g. a USB token or smart card; and attribute-based authentication uses something the user has in himself, e.g. a biometric characteristic such as the pattern of the eye or a fingerprint.
Based on the three factors discussed above, authentication schemes can be single-factor or multi-factor:
- Single-factor authentication – this is based on one factor only. For instance, the username/password authentication system is based on one factor: what someone knows.
- Multi-factor authentication – this relies on two or more factors and can be accomplished via software or hardware. An example of this class of authentication is the use of an ATM card. The card represents what the user has while the passcode or PIN represents what he knows, i.e. possession and knowledge.
Security authentication is a two-way process: users are afforded assurance that they are connected to the intended online account prior to providing their login credentials. Phishing attacks have taken many unsuspecting users for a ride by directing them to spoofed websites, from where the attackers collect sensitive login credentials. Security experts advise that websites authenticate themselves to users by presenting a signed digital certificate over a Secure Sockets Layer (SSL) encrypted connection. This authentication technology protects the user against phishing attacks that rely on a spoofed site, provided the user checks that the certificate belongs to the site he intended to visit. The commonly encountered types of authentication are discussed hereunder (Oppliger, 1996):
- Password authentication – passwords are secrets shared between the user and the system to which he seeks access. PINs and passwords are the primary means by which most people gain access to online applications using a single factor of authentication. The main problem with this mode of authentication lies in the fact that most users choose weak or inappropriate passwords. For instance, users might elect to use their real names, dates of birth, common English words, or the names of popular cities and monuments as login credentials. This exposes their accounts to hacking and phishing attacks. According to a survey conducted by Infosecurity Europe, 71% of the respondents were ready and willing to give away their passwords for an incentive as low as a candy bar (2004).
- One-time password (OTP) – unlike static password authentication, OTP authentication gives the user a unique, dynamic password each time the user seeks to access an online account. OTPs can be time-based, delivered out-of-band, challenge-based, or taken from scratch lists (Chevassut, & Siebenlist, 2005).
- Software tokens (SSL certificates) – this is a software version of a hardware token and is sent to the user's device to authenticate his identity. SSL certificates are less expensive compared to hardware solutions. However, software certificates are prone to visual spoofing, keyloggers, and malware attacks. Such certificates are unique and personal, so users can be authenticated based on what they have.
- Hardware tokens – these are physical devices possessed by individuals and may form part of a multi-factor authentication system. They include smart cards and USB token devices.
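The time-based OTP from the list above and the possession factor of the multi-factor scheme described earlier, as an added worked example that is not part of the original paper. The code implements HOTP (RFC 4226) and TOTP (RFC 6238) exactly as those standards define them and adds a server-side verifier; the drift window of one time step and the replay check are design choices assumed here, and the shared secret is the public RFC 4226 test-vector key, so the expected codes can be checked against the RFC.

```python
import hashlib
import hmac
import struct
import time
from typing import List, Optional

# Public test-vector secret from RFC 4226 (ASCII "12345678901234567890");
# a real token would be provisioned with a random per-user secret.
RFC4226_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP per RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # low nibble of the last byte picks the window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP per RFC 6238: HOTP whose counter is the number of elapsed time steps."""
    return hotp(secret, unix_time // step, digits)


class TotpVerifier:
    """Server side of the possession factor: the user proves he holds the token's secret."""

    def __init__(self, secret: bytes, step: int = 30, window: int = 1):
        self.secret = secret
        self.step = step
        self.window = window                     # accept +/- this many steps of clock drift
        self.last_used_counter: Optional[int] = None

    def verify(self, code: str, unix_time: int) -> bool:
        counter = unix_time // self.step
        for delta in range(-self.window, self.window + 1):
            candidate = counter + delta
            # Replay protection: a counter at or below one already consumed is
            # never accepted again, even inside the drift window.
            if self.last_used_counter is not None and candidate <= self.last_used_counter:
                continue
            if hmac.compare_digest(hotp(self.secret, candidate), code):
                self.last_used_counter = candidate
                return True
        return False


def two_factor_login(password_ok: bool, verifier: TotpVerifier, code: str, unix_time: int) -> bool:
    """Multi-factor decision: knowledge (password) and possession (OTP) must both pass.
    The OTP is checked only after the password so that a failed password does not
    consume a valid code."""
    return password_ok and verifier.verify(code, unix_time)


def demo_sequence() -> List[bool]:
    """Replay a constructed login sequence at fixed timestamps (59 s and 89 s)."""
    v = TotpVerifier(RFC4226_SECRET)
    return [
        two_factor_login(True, v, totp(RFC4226_SECRET, 59), 59),   # fresh code, step 1
        two_factor_login(True, v, totp(RFC4226_SECRET, 59), 59),   # same code replayed
        two_factor_login(True, v, totp(RFC4226_SECRET, 89), 89),   # next step, fresh code
        two_factor_login(False, v, totp(RFC4226_SECRET, 89), 89),  # wrong password
        two_factor_login(True, v, "000000", 89),                   # wrong code
    ]


if __name__ == "__main__":
    print("current code:", totp(RFC4226_SECRET, int(time.time())))
    print(demo_sequence())
```

Against the RFC 4226 secret, counters 0, 1 and 2 produce 755224, 287082 and 359152, and the sequence returns `[True, False, True, False, False]`: the first fresh code is accepted, its replay is rejected even though the clock is still inside the drift window, the next step's code is accepted, and a wrong password or wrong code fails regardless of the other factor.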
The Effect of Authentication on Design of New Information Systems
A clear understanding of the available authentication modalities is key to the design of an attack-proof information system. Organizations are required by law to act as custodians of their clients' personal data. The surest authentication system is one that gives usability and security near-equal importance. The design process must consider all vulnerabilities inherent in the different authentication methodologies. Multi-factor authentication that requires a PIN, possession of a smart card and an attribute such as a fingerprint is considered the strongest and cannot be easily breached. Depending on the sensitivity of the data that the system seeks to protect, the design team can select any of the factors of authentication.
In summary, security authentication helps in data protection. An attack-proof system safeguards an organization's data, which includes the sensitive login credentials of its clients. A secure authentication design serves to reassure clients that their information is kept away from prying eyes. This boosts their confidence and allows them to partake in online transactions with peace of mind.
References
Chevassut, O., & Siebenlist, F. (2005). Secure (One-Time) Password Authentication for the Globus Toolkit.
Infosecurity Europe. (2004). Infosecurity Europe 2004: Information Security Survey.
Oppliger, R. (1996). Authentication systems for secure networks. Boston: Artech House.