USING OF ADDITIONAL METHODS OF USER AUTHORIZATION
DOI:
https://doi.org/10.37943/AITU.2020.89.25.011Keywords:
Internet, encryption key, certificate, authorizationAbstract
The article considers the methods of additional authorization of users of information systems, their advantages, and disadvantages, typical examples of usage. Multifactor authentication is becoming a standard tool for verifying the identity and access rights of information systems, from banking operations to access to enterprise databases. With the expansion of the spheres of use of various information systems, applications, and services, users of the systems get new opportunities, convenience, and mobility. But at the same time, there is a problem of secure and controlled access, authorization and identification of the user, confirmation of his authority. The options under consideration cannot be limited to service delivery alone: mechanisms could and should be used in various combinations. In addition to the analysis, experiments were carried out on implementing and testing additional authorization mechanisms, and feedback from end users was collected. Each of the methods was evaluated from many angles: ease of implementation, ease of use by the end user, availability, and adequacy of use. At the same time, there is no way to identify the optimal and universal method of additional authorization, since various service sectors have their own requirements for accessibility, reliability, and security. One can single out corporate services that provide data exchange, data processing or analytics, or remote management services industrial network management as the most promising areas for implementation. The authors analyzed the various methods most widely used in the security market, their capabilities, advantages, and disadvantages. The authors did not set the goal of nominating one selected mechanism as a priority; therefore, no recommendations are given to use a particular method.
References
Комаров, А. (2008). Современные методы аутентификации: токен и это все о нем..!. T-Comm-Телекоммуникации и Транспорт, (6). [Электронный ресурс] // Режим доступа: https://www.aladdinrd.ru/company/pressroom/articles/sovremennye_metody_autentifikacii_token_i_eto_vse_o_nem
Скородумов, А. (2015). Многофакторная аутентификация – лучше меньше, да лучше, «Information Security/ Информационная безопасность», (6) [Электронный ресурс] // Режим доступа: http://lib.itsec.ru/articles2/Oborandteh/mnogofaktornaya-autentifikatsiya-luchshe-menshe--da-luchshe –Дата доступа 08.12.2020.
Многофакторная (двухфакторная) аутентификация, [Электронный ресурс] // Режим доступа: https://www.tadviser.ru/index.php/Статья: Многофакторная_(двухфакторная)_аутентификация – Дата доступа 08.12.2020.
Marty Puranik, What is Two-Factor Authentication? The Tip of the Security Spear, [Электронный ресурс] // Режим доступа: https://www.securitymagazine.com/articles/91974-what-is-two-factorauthentication-the-tip-of-the-security-spear, March 23, 2020 – Дата доступа 21.12.2020.
Abhishek Shah, Multi-factor authentication, [Электронный ресурс] // Режим доступа: https://www.khanacademy.org/computing/computers-and-internet/xcae6f4a7ff015e7d:online-data-security/xcae6f4a7ff015e7d:user-authentication-methods/a/multi-factor-authentication – Дата доступа 21.12.2020.
Ometov, A., Bezzateev, S., Mäkitalo, N., Andreev, S., Mikkonen, T., & Koucheryavy, Y. (2018). Multifactor authentication: A survey. Cryptography, 2(1), 1.
Богданов, Д.С., & Клюев, С.Г. (2020). Классификация и сравнительный анализ технологий многофакторной аутентификации в Веб-приложениях. Моделирование, оптимизация и информационные технологии, 8(1), 17-18. [Электронный ресурс] //
Misha Ketchell, Can I still be hacked with 2FA enabled?, [Электронный ресурс] // Режим доступа:
https://theconversation.com/can-i-still-be-hacked-with-2fa-enabled-144682, September 4, 2020, – Дата доступа 21.12.2020.
Misha Ketchell, Receiving a login code via SMS and email isn’t secure. Here’s what to use instead, [Электронный ресурс] // Режим доступа: https://theconversation.com/receiving-a-login-code-viasms-and-email-isnt-secure-heres-what-to-use-instead-112767, March 6, 2019, – Дата доступа 18.12.2020.
Mike Betsko, Multifactor authentication critical as workplaces get more connected, [Электронный ресурс]. 14, 2020, – Дата доступа 18.12.2020. David Hald, 8 reasons you should turn to multifactor authentication, [Электронный ресурс] // Режим доступа: https://techbeacon.com/security/8-reasons-you-should-turn-multi-factor-authentication, – Дата доступа 18.12.2020.
Downloads
Published
How to Cite
Issue
Section
License
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Authors who publish a manuscript in this journal agree to the following terms:
- The authors reserve the right to authorship of their work and transfer to the journal the right of first publication under the terms of the Creative Commons Attribution License, which allows others to freely distribute the published work with a mandatory link to the the original work and the first publication of the work in this journal.
- Authors have the right to conclude independent additional agreements that relate to the non-exclusive distribution of the work in the form in which it was published by this journal (for example, to post the work in the electronic repository of the institution or publish as part of a monograph), providing the link to the first publication of the work in this journal.
- Other terms stated in the Copyright Agreement.