Many commercial software packages are designed with computer security features that control who can access the computer. These types of access controls use a process called identification and authentication. Identification verifies that the user is a valid user, and authentication verifies that the user is who he or she claims to be. Three common methods of authentication are remembered information, possessed objects, and biometric devices.
With remembered information, a user is required to enter a word or series of characters that match an entry in a security file in the computer. Most multiuser operating systems provide for a logon code, a user ID, and a password (all forms of remembered information) that all must be entered correctly before a user is allowed to use an application program. A logon code usually identifies the application, and a user ID identifies the user. “A password usually if confidential, often known only by the user and the system administrator.” (Baker, 29-47).
A possessed object is any item that a user must carry to gain access to the computer facility. Examples of possessed objects are badges, cards, and keys. Possessed objects often are used in conjunction with a personal identification number (PIN), “which is a numeric password.” (Prince, 15-18).
A biometric device is one that verifies personal characteristics to authenticate a user. Examples of personal characteristics are fingerprints, voice pattern, signature, hand size, and retinal (eye) patterns. “A biometric device usually translates a user’s personal characteristics into a digital code that is compared to a digital code stored in the computer” (Victors, 7). If the digital code in the computer does not match the user’s code, access is denied. Each of these authentication techniques has advantages and disadvantages. Many organizations distribute brochures and newsletters to promote their biometric devices. In the past, preparing these devices...