Mainframe Security Part 2: User Authentication
How can a system accurately determine whether access to data should be allowed when it is not certain who the user is? We have seen this in the NSA - Edward Snowden case – he borrowed other administrators’ User IDs and passwords in order to gain access to data that he was not authorized for. Also, people working together sometimes share this information for convenience. But, what does that do for security and accountability? It destroys it. This is a critical situation for any user with access to some segment of an organization’s sensitive data, which is almost everyone these days.
I raised the idea of two-factor identification in my 1974 papers, but the world was different then.