User Authentication

What is User Authentication?

User authentication is the process by which a web server can restrict access only to certain users. This could be done for online magazines which require paid subscriptions.

The home page will still be accessable to the world, for it will try to sell subscriptions to the service. However, the home page will also link to a special area of the site which is called the secure area.

A subscriber connects to the home-page of a site, which contains a link to the secure area.
The user clicks on the link to the secure area, and receives a message by his browser that asks for a user name and password.
If entered user/password combination is in the account file, the secure area is entered. If not, access is denied.

How can 20/20 Technologies help?

The typical procedure is this: a user will call you or mail you with payment and a username/password pair. Upon receipt of payment, you contact 20/20 Technologies with a list of changes (additions, removals, etc.) and they will put the user online. The next time the user contacts the web site, using the authorized username/password pair will allow access.

20/20 Technologies can provide user authentication for its clients who wish to establish a subcription based service on the World Wide Web. We will handle the username/password maintenance, based on your requests to add/delete/change user entries.

You can tell us about changes to the user file through either email or the telephone as often as once a day. We will process these changes within 24 hours. Anytime, upon request, we will send you the account file (passwords excluded) so you can compare your records with what is actually online.

How much does it cost?

Our rates for this service are as follows:

Set-up for secured access: $40
Password file maintenance: 1-50 changes: $1/change; 51+ changes: $0.50/change
Report of all registered accounts: free, once per month, or upon request.

How secure is it?

This is low level of security. If a user gives his or her username and password to others to use, it will work for them as well. This is a fundamental problem with any subscription service; it's analogous to a subscriber of a magazine loaning the magazine to friends who have not subscribed.

The username/password information is not encrypted using PGP or any of the military-grade encryption algorithms now commonly used on the internet. However, it is uuencoded, which means that it will not appear in human-readable text. A high-tech spy eavesdropping on the network traffic could spot a packet containing a username/password and uudecode it, thus allowing his entry under the stolen account.

Furthermore, technically advanced users with accounts on the access provider's system can get into the site by bypassing the username/password restriction altogether. However, it takes a high level of understanding of the Unix operating system to perform this trick.

All in all, this level of security is fine for subscription services, and is employed by many large services. The average World Wide Web user is not a computer expert; they will be perfectly willing to pay for a subscription to a site if it provides the information they need.