期刊名称:Communications of the Association for Information Systems
印刷版ISSN:1529-3181
出版年度:2006
卷号:17
期号:1
页码:4
出版社:Association for Information Systems
摘要:Computer-based information systems in general, and Internet e-commerce and e-business systems in particular, employ many types of resources that need to be protected against access by unauthorized users. Three main components of access control are used in most information systems: identification, authentication, and authorization. In this paper we focus on authentication, which is the most problematic component. The three main approaches to user authentication are: knowledge-based, possession-based, and biometric-based. We review and compare the various authentication mechanisms of these approaches and the technology and implementation issues they involve. Our conclusion is that there is no silver bullet solution to user authentication problems. Authentication practices need improvement. Further research should lead to a better understanding of user behavior and the applied psychology aspects of computer security.