Securing Internet Information Services

Authentication is a form of securing Internet Information Services in which the server verifies whether a user may access the site he or she is attempting to reach. Users who are allowed access are given a secret, such as a password, that forms part of the credentials they need to reach the protected services. The aim of authentication is to minimize risk. There are three main types of authentication.

These are what you have, such as keys, identification cards, pass cards and tokens; what you are, such as fingerprints and voice match; and what you know, such as passwords and passphrases. However, the use of passwords and passphrases is regarded as the most secure method of authentication, and it is also cumbersome. These are things that only the individual knows and that he or she cannot be compelled to tell.

Additionally, passwords cannot be stolen from an individual's mind or be duplicated. Neither a person nor the courts can force one to spell out his or her most secret passwords (Toast, 2007). What you know is far better than what you have or what you are, because what you have can be duplicated and what you are can be coerced, but what you know cannot be stolen or used to falsify the credentials.

The use of user names and passwords forms Basic authentication. Its main advantage is that it is part of the HTTP specification and is supported by most browsers. With this method, a user must log in to the website with a valid user name and password. It is therefore very easy to trap a person who is trying to visit the web page without permission. It also allows the use of network resources that are not located on the web server itself.

References

http://unisec.blogspot.com/2007/11/three-types-of-authentication.html