The modern world cannot be imagined without the extensive use of various technologies that have become an integral part of the society. Today there is hardly a sphere of human activity that does not benefit from the utilization of one or another innovation or approach guaranteeing better outcomes with the significant reduction of costs and efforts. At the same time, the mass digitalization of the society resulted in the emergence of new ways of interaction among people.
Using the Internet, individuals engage in various kinds of relations and following multiple purposes starting from the search for communication and ending with business ones. This process is associated with the uploading of massive portions of data to improve the chance to find the needed partner regardless of the purpose of this process. It means that private information that should be protected appear on the Internet. Under these conditions, the question of security and measures to secure information acquires the top priority.
Today, hackers cause substantial damage to various organizations, companies, and individuals who have their information on the Internet. Maleficent actions performed by other persons might result in data leaks and financial loses. For this reason, there is the tendency towards the diversification and sophistication of measures used to protect users from frauds and thefts and ensure the high level of security of important data (Kernighan, 2017). Especially important this question becomes for companies or organizations that work with private information. They are interested in the creation and development of complex security controls and protocols that are expected to eliminate all loopholes in security systems and minimize the opportunity for a successful hacker attack.
One of the approaches used today preconditions the introduction of longer and more sophisticated passwords to ensure the high level of security and data protection. At the first stages of its utilization, the given method seemed efficient enough as it showed users the necessity to create complex passwords that combined numbers, letters, various registers. Exploration of this method ensured the absence of too simple passwords that could be easily guessed by malefactors (Kernighan, 2017).
However, the further development of digital technologies gave rise to new tools of security systems breaking. Hackers acquired potent tools needed to generate an appropriate password by combining various symbols. For this reason, specialists working in the sphere doubt the efficiency of this approach (Kernighan, 2017). Its ability to protect really important pieces of data that can be used to cause substantial harm to organizations, companies, and individuals is also discussed.
Another popular perspective on methods to protect information suggested the increased frequency of changing passwords. The central idea of this very method was to complicate the work of hackers by altering symbols used to protect data and making it impossible to use tools that demand prolonged periods of time to work (OGorman, n.d.). At the same time, servers containing all passwords are often attacked by malefactors which means that all personal information needed for authentication can be stolen (Kernighan, 2017).
This data can be used to break security systems and cause damage to organizations. Changing passwords, users are able to avoid this problem by introducing new variants of their passwords to protect their sites or other storages. However, there are also multiple claims regarding the effectiveness of this very approach and its ability to ensure safety to users.
Problems with Usability
At the same time, along with the decreased efficiency of these measures and their inability to protect data appropriately, there is another problem associated with them. The fact is that people who have to utilize these approaches have complaints regarding their usability (Kernighan, 2017). Extremely long and complex passwords introduce additional difficulties for users who want simplicity and efficiency from modern technologies.
However, the need to alter passwords in particular periods of time and the necessity to create new even more complicated ones increase the level of their dissatisfaction with this method (Kernighan, 2017). Additionally, for certain social groups, it can be too difficult because of their poor computer literacy and the inability to understand the mechanism of this systems functioning. In this regard, there is the need for the more user-friendly and understandable approach that will help to guarantee the needed level of protection and remain simple for users.
Today, there are several new methods of data protection that are suggested by security specialists. These are single sign-on (SSO) and multi-factor authentication (MFA) that presuppose the use of several tools at the same time (Carpenter, n.d.). Security officers argue about the efficiency of these two solutions if to compare with each other; however, it is apparent that a simple combination of a user ID and password will no longer suffice users regarding their need to protect the most vulnerable data (Carpenter, n.d.).
That is why today the shift of priorities towards the gradual implementation of these new measures can be observed in the sphere of the Internet security. In accordance with the statistics, SSO and MFA become more popular among sites with the high level of protection and users start to recognize their efficiency and innovative character (Carpenter, n.d.) For this reason, the mechanisms of their functioning should be investigated to analyze how they work and determine their ability to replace old approaches.
The central idea of MFA is the usage of several different factors that verify an individuals identity and provide with the needed access to software, systems, data, and control. To authenticate individuals, the system analyzes critical facts that only a user can remember (Carpenter, n.d.). It implies something the person knows, something he/she has, his/her biometric information, and location (Carpenter, n.d). An obvious advantage of this approach is the extremely high level of security that is achieved due to the combination of unique aspects only one person can possess (Sabella, Mclean, & Yannuzzi, 2018).
The traditional password is supported by a security token and biometrical data that is extremely hard to fake, and location that helps to ensure that a person uses known places and comes from the country in which he/she was registered. Speaking about this method specialists also emphasize the role facial recognition and tokens play in guaranteeing security to users.
Biometric type of security is not new as fingerprints or voice recognition systems have already been used to protect important data. However, the further development of technologies contributed to the cheapening of devices needed to create such systems and their mass use in various spheres. That is why face recognition technology became available for all people who have web-cameras and the access to the Internet (Carpenter, n.d).
For instance, Apple was the first to introduce this security measure on their phones replacing traditional fingerprints scanners and introducing new even more efficient approach (“Mobile biometric authentication and mobile security token,” n.d.). In accordance with the research, the reliability and security of this method are higher if to compare with other biometric data (OGorman, n.d.). Every person possesses a set of features that make his/her face unique and contributes to the significant increase in the efficiency of security systems (OGorman, n.d.). Moreover, it can be determined a convenient way to authenticate individuals as they do not have to use long passwords or other tools.
Security tokens are another element of MFA security systems. In the most cases, they support authentication by their physical possession (OGorman, n.d.). In other words, the only person who has a certain object will be provided with access to particular information. Usually token is a metal key that belongs to an individual; however, a digital token includes another factor such as a secret PIN known only to an owner (Carpenter, n.d.).
This element is added to guarantee the increased safety to individuals if it is lost or stolen. It can be considered a significant advantage of this sort of authenticators as there an owner has time to act accordingly and make a new token that will help to get access to needed sites or data (OGorman, n.d.). Moreover, these keys can be equipped with GPS showing their location which makes search easier and contributes to higher security levels (OGorman, n.d.). Today, one-time password generators are also considered tokens that are used to ensure high reliability and data protection.
The concept of single sign-on (SSO) utilizes another approach to security. It is much simpler if to compare with MFA as individuals carry out a master sign-on at the beginning of their working periods to authenticate themselves and guarantee the high level of data protection (Sabella et al., 2018). If there is the need to use another software or database, SSO will perform this procedure on their behalf (Cross, 2014).
In such a way, SSO collects and stores all access details and credentials for the equipment that may be needed by users during their work (Cross, 2014). SSO solutions acquire popularity nowadays because of the simplicity of their use and their contribution to the further development of security systems along with the provision of safety guarantees to individuals from different parts of the world.
In such a way, the spread of SSO and MFA approaches evidences the gradual decrease in the popularity of outdated methods that presuppose the introduction of long passwords and their regular alterations. First of all, it happens because of the reduced efficiency of this model and its inability to meet increased requirements for protection. However, there are also numerous claims regarding the usability of these security methods and disregard of the user-friendly principle of the modern software (Sabella et al., 2018).
That is why MFA encompassing tokens, passwords, and facial recognition along with SSO become a new approach to the creation of the safe environment in the digitalized society. They combine the high level of protection with the simplicity of usage and innovativeness. Specialists working in the sphere recognize the promising character of these tools and emphasize the need for their further implementation as a more potent alternative to previous approaches.
At the same time, both MFA and SSO have their disadvantages that come from their nature. SSO is extremely convenient for users while there is a high security risk because of the peculiarities of authentication. MFA guarantees the best possible protection to data regarding the modern technologies; however, it can be less convenient because of the multi-stage authentication and the need to provide several elements to get access (Drinkwater, 2018). That is why the combined use of these two options might become the future of the Internet security as the convenience, and user-friendly character of SSO will be combined with the reliability of MFA to eliminate all loopholes (Carpenter, n.d.).
For instance, facial recognition might be demanded at the start of the day to get access in terms of the SSO approach (Drinkwater, 2018). Additionally, changes in location will be monitored by the system and serve as the ground for the additional verification procedure that might demand token or another element of MFA to prove the identity and continue using all databases or other software.
Altogether, the increasingly complex passwords and high frequency of their changing can be considered the past of the Internet security. The fact is that the emergence of new software and technologies provided malefactors with an opportunity to hack such systems. Additionally, their utilization is inconvenient for users as they face multiple difficulties while creating passwords and constantly changing them.
Instead, MFA and SSO acquire the top priority. They combine several elements needed to authenticate, ensure the high level of data protection, and remain convenient for users. At the same time, the combination of these two approaches can help to achieve even higher levels of safety because of the elimination of some drawbacks peculiar to one or another method. The use of tokens, facial recognition systems, and friendly SSO verification will help to secure data and ensure owners that all critical information needed for their work of private life will not be stolen.
Carpenter, J. (n.d.). Multi-factor authentication and single sign-on explained. Web.
Cross, J. (2014). Internet security: How to maintain privacy on the Internet and protect your money in today’s digital world. New York, NY: CreateSpace Independent Publishing Platform.
Drinkwater, D. (2018). What is single sign-on? How SSO improves security and the user experience. CSO. Web.
Kernighan, B. (2017). Understanding the digital world: What you need to know about computers, the Internet, privacy, and security. Princeton, NJ: Princeton University Press.
OGorman, L. (n.d.). Securing business’s front door – Password, token, and biometric authentication. Web.
Sabella, A., Mclean, R., & Yannuzzi, M. (2018). Orchestrating and automating security for the Internet of things: Delivering advanced security capabilities from edge to cloud for IoT. San Jose, CA: Cisco Press.