Introduction
The present epoch of computer technology has come with a number of challenges. One of the challenges is in safeguarding information stored in computer systems.
To make sure that only authorised persons have access to the stored information, organizations come up with authentication and authorization procedures, which assign unique login details to each person (Bishop, 2002).
Whenever one wants to access information stored in a computer system, he or she has to key-in the login details. Organizations use varied types of authentication depending on the level of required security. This paper will discuss authentication, different types of authentication and authorization.
Authentication
Birch (2007), defines authentication as, “The process of determining whether someone or something is, in fact, who or what is declared to be” (p. 86). In many cases, authentication is done by verifying individual’s password or username.
Organizations use authentication with the sole goal of guaranteeing security of their network systems or data. They require knowing persons prior to allowing them to access crucial information.
Hence, authentication helps to make sure that only the authorised persons have access to information. Authentication procedure follows the assumption that only the authorised persons have knowledge about the passwords or usernames that an organization utilises (Birch, 2007).
Two-factor authentication
Two-factor authentication is also referred to as strong authentication. The authentication process involves giving two forms of login details.
Persons may be required to give their passwords and swipe their credit cards or, use their biometrics together with a password before gaining authorization. Two-factor authentication is used to secure vulnerable or sensitive information (Jin, Ling & Goh, 2004).
Username or password only may not be adequate to protect sensitive information. This authentication is mostly used in hospitals to secure health care information.
Some of the health care information stored in shared computers is sensitive, and it calls for health care practitioners to use a two-factor authentication to make sure that other users do not access the information.
Multi-factor authentication
Bhargav-Spantzel et al. allege, “Multi-factor authentication occurs when a user is required to provide multiple pieces of information to authenticate them to a system. They require using something they know, something they have, and something they are” (2007, p. 530).
Conventionally, multi-factor authentication entails using a combination of password, a token and biometric data. This combination creates a secure authentication procedure that is hard to steal. A cyberstalker is able to steal the login details of individuals that use weak authentications.
This makes network systems vulnerable to cybercrimes. However, the use of multi-factor authentication makes the systems secure as individuals have to provide a physical gadget before gaining authorization.
Multi-factor authentication makes it hard for cybercriminals to penetrate into computer networks from a distance (Bhargav-Spantzel et al., 2007).
Authorization
In computing world, “authorization is the function of specifying access rights to resources, which is related to information security and computer security in general and to access control in particular” (Ratha & Bolle, 2005, p. 617).
System administrator requires limiting the access privileges given to each user in an instance where multiple users have access to a system. In such an instance, the administrator assigns varied access privileges to different users based on their needs.
This guarantees that individuals do not have access to information that is beyond their areas of operations. It ensures that sensitive and vulnerable information is secure.
Authorization and authentication software
Presently, organizations use authentication and authorization software to regulate access to information systems. There are different authentication and authorization software that varied organizations use.
Consequently, they chose software depending on its ability to meet the desired level of security and cost. Some of the current authentication and authorization software include AuthAnvil 2FA and Enablon Authorization & Sign Management (ASM) respectively (Scorpion Software Corp., 2013).
AuthAnvil 2AF is authentication software that requires users to produce an identification gadget called a token together with their personal identification number (PIN). The software keeps on changing the authentication password.
For people to access a secured system, they require providing their PIN together with a one time password. One is not allowed to access the system without providing the two authentication requirements.
This makes the system secure since once individuals use their passwords; they cannot use the same password in the future. Hence, it is hard for unauthorised persons to steal the password (Scorpion Software Corp., 2013).
The main weakness of the software is that it is not compatible with all types of hardware devices. Hence, in case one does not have a compatible hardware device, he or she would have to incur extra cost in purchasing compatible hardware.
AuthAnvil 2AF “reduces integration and customization costs by providing a single foundation for all core authentication management for your business, and that of your customers” (Scorpion Software Corp., 2013, par. 19).
The software is compatible with a number of hardware devices and does not involve a lot of licensing overhead. Once individuals purchase the software, they register it with its manufacturing company and are free to use the software.
The fact that AuthAnvil 2AF issues a different password whenever one wants to log in, makes it appropriate for the Banking industry or Health care facilities.
The Banking industry requires an Information Technology (IT) system that is very secure. This authentication software would help to secure IT systems in the banking industry.
Enablon ASM is software that helps organizations to manage authorization and allocation of signatures to employees. For an organization to enhance its operations, it requires delegating authorization duties to certain staff.
However, if an organization runs numerous companies across the globe, it would be hard to monitor its authorization procedures and to make the necessary changes. Enablon ASM helps to solve this problem.
The software helps organizations to validate email alerts, and login details electronically (Enablon, 2012). Besides, the software helps organizations to save resources and time that would be used gathering, finding and scrutinizing delegation information.
The main weakness of the Enablon ASM software is that it is not compatible with all hardware devices. Additionally, it would be hard for an organization to manage authorization process in event of software failure.
The software is not costly since one does not incur licensing cost (Enablon, 2012). Once a company purchases the software, it is set to start using it with the authorization of Enablon Company. The software is suited for oil companies, which run numerous firms across a region or globe.
With the software, a company would be able to manage its information system by making sure that employees only access the information they require in their areas of specialization.
Conclusion
Growth in computer technology and increase in cybercrimes, has led to organizations looking for ways to secure their information systems. Presently, organizations use two-factor and multi-factor authentication procedures to secure their systems.
Besides, organizations are turning to authentication and authorization software to enhance the security of their information technology systems. This has saved many organizations from cyber criminals.
References
Bhargav-Spantzel, A., Squicciarini, A., Modi, S., Young, M., Bertino, E. & Elliott, S. (2007). Privacy preserving multi-factor authentication with biometrics. Journal of Computer Security, 15(5), 529-560.
Birch, D. (2007). Digital Identity Management: Perspectives On The Technological, Business and Social Implications. Hampshire: Gower Publishing Limited.
Bishop, M. (2002). Computer Security: Art and Science. Boston: Addison-Wesley.
Enablon. (2012). Enablon ASM. Web.
Jin, A. Ling, D. & Goh, A. (2004). Biohashing: two factor authentication featuring fingerprint data and tokenised random number. Pattern Recognition, 37(11), 2245-2255.
Ratha, N. & Bolle, R. (2005). Enhancing security and privacy in biometrics-based authentication systems. IBM Systems Journal, 40(3), 614-634.
Scorpion Software Corp. (2013). AuthAnvil two factor Auth Intro: AuthAnvil 2AF technical tour. Web.