| Popis: |
Nowadays, the problem of identification and authentication on the Internet is more urgent than ever.There are several reasons for this: on the one hand, there are many Internet services that keep recordsof users and differentiate their access rights to certain resources; on the other hand, cybercriminals'attacks on web services have become much more frequent lately. At the same time, in many cases, theweak point of systems exposed to attacks is precisely the authentication system.Authentication methods based on the knowledge factor (e. g. password protection) are the mostcommon and are applied almost everywhere. Their advantages are ease and low cost ofimplementation. On the other hand, such systems are often vulnerable to various kinds of attacks. It isestimated that up to 80% of successful hacker attacks (including attacks on the largest services withmillions of users) succeeded precisely because of the weakness of the password protection system.This paper presents a solution to the problem of passwordless authentication, which can be applied ina number of online services and systems. In particular, we consider the magic link technology andpresent an authentication system implemented using Keycloak, an open-source software product thatimplements single sign-on technology. In the future, it is possible to further improve the system, inparticular, using adaptive authentication, which allows switching between different authenticationmechanisms depending on certain factors. |
