ABSTRACT
User authentication needs not only to negotiate with security, privacy, and legal issues through functionality and usability, but also to address safety issues caused by sudden and unexpected changes due to the COVID-19 crisis. This article discusses three generations of user authentication with an emphasis on its technology and human factors. Especially during the crisis, digital transformation moves fast;therefore, the acceptable level of security is more flexible while privacy is still preserved. New technologies and applications such as blockchain, digital identity, 5G/B5G, and SDN/NFV underpinning user authentication will become more practical.
ABSTRACT
In information security, it is widely accepted that the more authentication factors are used, the higher the security level. However, more factors cannot guarantee usability in real usage because human and other non-technical factors are involved. This paper proposes the use of all possible authentication factors, called comprehensive-factor authentication, which can maintain the required security level and usability in real-world implementation. A case study of an implementation of a secure time attendance system that applies this approach is presented. The contribution of this paper is therefore to provide a security scheme seamlessly integrating all classical authentication factors plus a location factor into one single system in a real environment with a security and usability focus. Usability factors emerging from the study are related to a seamless process including the least number of actions required, the lowest amount of time taken, health safety during the pandemic, and data privacy compliance.