88-98
USING OF ADDITIONAL METHODS OF USER AUTHORIZATION
Authors: B. Sultanova, A. Chsherbov
Number of views: 137
The article considers the methods of additional authorization of users of
information systems, their advantages, and disadvantages, typical examples of usage.
Multifactor authentication is becoming a standard tool for verifying the identity and access
rights of information systems, from banking operations to access to enterprise databases.
With the expansion of the spheres of use of various information systems, applications, and
services, users of the systems get new opportunities, convenience, and mobility. But at the
same time, there is a problem of secure and controlled access, authorization and identification
of the user, confirmation of his authority. The options under consideration cannot be limited
to service delivery alone: mechanisms could and should be used in various combinations. In
addition to the analysis, experiments were carried out on implementing and testing additional
authorization mechanisms, and feedback from end users was collected. Each of the methods
was evaluated from many angles: ease of implementation, ease of use by the end user,
availability, and adequacy of use. At the same time, there is no way to identify the optimal
and universal method of additional authorization, since various service sectors have their own
requirements for accessibility, reliability, and security. One can single out corporate services
that provide data exchange, data processing or analytics, or remote management services
industrial network management as the most promising areas for implementation. The authors
analyzed the various methods most widely used in the security market, their capabilities,
advantages, and disadvantages. The authors did not set the goal of nominating one selected
mechanism as a priority; therefore, no recommendations are given to use a particular method.