Additional Authentication Information
In addition to the name and
password, we can use other information available to authenticate users. Suppose
Adams works in the accounting department during the shift between 8:00 a.m. and
5:00 p.m., Monday through Friday. Any legitimate access attempt by Adams should
be made during those times, through a workstation in the accounting department
offices. By limiting Adams to logging in under those conditions, the system
protects against two problems:
Someone from outside might
try to impersonate Adams. This attempt would be thwarted by either the time of
access or the port through which the access was attempted.
Adams might attempt to access
the system from home or on a weekend, planning to use resources not allowed or
to do something that would be too risky with other people around.
Limiting users to certain
workstations or certain times of access can cause complications (as when a user
legitimately needs to work overtime, a person has to access the system while
out of town on a business trip, or a particular workstation fails). However,
some companies use these authentication techniques because the added security
they provide outweighs inconveniences.
Using additional
authentication information is called multifactor
authentication. Two forms of authentication (which is, not surprisingly,
known as two-factor authentication)
are better than one, assuming of course that the two forms are strong. But as
the number of forms increases, so also does the inconvenience. (For example,
think about passing through a security checkpoint at an airport.) Each
authentication factor requires the system and its administrators to manage more
security information.
Related Topics
Privacy Policy, Terms and Conditions, DMCA Policy and Compliant
Copyright © 2018-2023 BrainKart.com; All Rights Reserved. Developed by Therithal info, Chennai.