Token & Authentication Systems
Administering a secure computer system can be a balancing act between security and ease of use. Access control protocols are necessary to exclude unauthorized users from protected areas, but they can also make it difficult and time-consuming for authorized users to navigate and work on these systems. Using tokens as part of the authentication protocol can make things easier, but tokens can also open up possible vectors for outside attack.
Authentication
Authentication can take many forms in computer systems, but the most common is a user account and a password. Typically, the system stores a cryptographic hash of your password for security purposes, and when you enter your information, the system hashes the input and compares it to the stored value. If they match, the system grants you access. In the case of systems involving multiple networked computers, you might have to provide these credentials multiple times while moving from one system to another.
Tokens
Security tokens can remove some of the authentication burden. Tokens are small files that serve as digital identification badges, letting the system know the user has passed verification. When you log in to a central server, it places one of these tokens on your system, and then any other system you navigate to can check that token instead of forcing you to re-identify yourself. Administrators can set specific security rules, marking certain systems as “trusted” and allowing their credentials to suffice for any other machine on the network. An administrator might also set exceptionally important machines not to trust any other credentials, requiring a login for every session.
Advantages
The primary advantage of a token system is ease of use. Maximum-security systems might include many different logins and passwords for protected areas, requiring a user to remember many different passwords and PINs to access important files. A token system allows a single login to suffice for as much access as the administrator chooses to allow.
Disadvantages
Token systems allow for easier access, but outsiders can exploit the system. Gaining access to a user’s token allows a third party to masquerade as that user, gaining access to any protected areas the token allows. In addition, if multiple machines on a network are set to trust a single central server, compromising that one server will allow a hacker full access to any system on the network. For best security, administrators should retain individual logins and passwords for the most important system locations, to prevent someone from gaining unfettered access via a compromised token.
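The token flow and the per-system trust rule described above, as an added example that is not part of the original article. It assumes an HMAC-signed token with an expiry time; the key, the lifetime and the system names are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

# Assumptions for this sketch (none come from the article):
SERVER_KEY = b"constructed-demo-key"     # secret shared by login server and trusting systems
TOKEN_TTL = 900                          # seconds; a short lifetime limits a stolen token's value
TRUSTS_TOKEN = {"wiki", "build-server"}  # "payroll-db" is absent: it always demands its own login


def _sign(payload):
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest()


def issue_token(user, now=None):
    """Central server: call only after the user's password hash has matched."""
    now = time.time() if now is None else now
    payload = json.dumps({"user": user, "exp": int(now) + TOKEN_TTL}).encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload)


def check_access(system, token, now=None):
    """Relying system: return 'granted:<user>' or 'login-required:<reason>'."""
    now = time.time() if now is None else now
    if system not in TRUSTS_TOKEN:
        return "login-required:system does not trust tokens"
    try:
        encoded, sig = token.rsplit(".", 1)
        payload = base64.urlsafe_b64decode(encoded)
    except ValueError:  # missing separator or invalid base64
        return "login-required:malformed token"
    # Constant-time comparison; the payload is parsed only after it verifies.
    if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        return "login-required:bad signature"
    claims = json.loads(payload)
    if now >= claims["exp"]:
        return "login-required:token expired"
    # Bearer semantics: whoever presents a valid token is treated as the user.
    return "granted:" + claims["user"]


if __name__ == "__main__":
    token = issue_token("alice")
    for system in ("wiki", "build-server", "payroll-db"):
        print(system, "->", check_access(system, token))
```

Anyone holding `SERVER_KEY` can mint a token for any user, which is the central-server compromise the article warns about; the system left out of `TRUSTS_TOKEN` is unaffected because it never accepts tokens.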