Many commercial packages are designed with security features that control who can access the computer. These types of access controls use a process called identification and authentication. Identification verifies that the user is a valid user, and authentication verifies that the user is who he or she claims to be. Three common methods of authentication are remembered information, possessed objects, and biometric devices.
With remembered information, a user is required to enter a word or series of characters that matches an entry in a security file in the computer. Most multi-user operating systems provide for a logon code, a user ID, and a password (all forms of remembered information), all of which must be entered correctly before a user is allowed to use an application program. A logon code usually identifies the application, and a user ID identifies the user. A password usually is confidential, often known only by the user and the system administrator (Baker and Danville, pg 29-47).
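The check described above, as an added example that is not part of the original text: a logon code, user ID and password are compared against a security-file entry, and access is granted only when all three match. It goes one step beyond the text by storing a salted hash instead of the password itself; the file layout, function names and sample credentials are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # assumed work factor for this example


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a slow, salted hash so the security file never holds the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def make_entry(password: str) -> dict:
    """Build one security-file entry (hypothetical layout: salt plus hash)."""
    salt = os.urandom(16)
    return {"salt": salt, "pw_hash": hash_password(password, salt)}


# Constructed sample security file, keyed by (logon code, user ID).
SECURITY_FILE = {
    ("PAYROLL", "jsmith"): make_entry("correct horse battery"),
}

# Dummy entry for unknown users, so a failed identification costs the same work.
_DUMMY = make_entry("placeholder")


def authenticate(logon_code: str, user_id: str, password: str) -> bool:
    """Return True only if logon code, user ID and password all match one entry."""
    entry = SECURITY_FILE.get((logon_code, user_id))
    known = entry is not None
    if not known:
        entry = _DUMMY  # identification failed; still hash to keep timing similar
    candidate = hash_password(password, entry["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    password_ok = hmac.compare_digest(candidate, entry["pw_hash"])
    return known and password_ok


if __name__ == "__main__":
    print(authenticate("PAYROLL", "jsmith", "correct horse battery"))
    print(authenticate("PAYROLL", "jsmith", "wrong"))
    print(authenticate("PAYROLL", "nobody", "correct horse battery"))
```

The function returns the same plain refusal whether the logon code, the user ID or the password was wrong, so a failed attempt does not reveal which item was valid.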
A possessed object is any item that a user must carry to gain access to the computer facility. Examples of possessed objects are badges, cards, and keys. Possessed objects are often used in conjunction with a personal identification number (PIN), which is a numeric password (Price, pg 40-68).
A biometric device is one that identifies personal characteristics to authenticate a user. Examples of personal characteristics are fingerprints, voice patterns, signature, hand size, and retinal (eye) patterns. A biometric device usually translates a user's personal characteristics into a digital code that is compared to a digital code stored in the computer (Victors, pg 22-85). If the digital code in the computer does not match the user's code, access is denied.
Each of these authentication techniques has advantages and disadvantages. The table below outlines the major advantage and disadvantage of each...