CS Minor | ICT Article

How to handle the authentication & authorization of your employees in 2021

When you have a lot of employees, it's pretty easy to lose track of who does what within the company. This is where having a sound identity management system comes in. By applying the most appropriate authentication/authorization strategy, you can improve productivity, for example, by using a fingerprint instead of a keycard for access. A keycard may be forgotten at home or lost, while that is a little harder to do with your fingers. This reduces the drop in productivity that comes from having to provide that employee with a temporary solution.

Remember the privacy of your employees

The right to privacy for employees is crucial. While your company's desire to use surveillance is acceptable, monitoring must be done with caution. While the surveillance of employees is not illegal, companies must respect employees' privacy. On the shop floor and outdoors, they have the right to privacy. As a result, employees may not be monitored in this manner. The AVG Act specifies the "Conditions for Monitoring Staff": "Employees' rights and interests must be weighed against a justifiable interest. This point of view must be well-supported. It must also be required. This suggests that the desired goal cannot be reached in a less draconian manner for the employees. Furthermore, the person must be fully informed about the monitoring process and how it is carried out. Finally, personal e-mails and other secret conversations should not be tracked."

1. Username and password

This is the most straightforward option. The benefit of this strategy is that it is likely to be low-cost and low-effort to adopt. No special hardware is required, and the software built for this purpose will be simple. This method also ensures a high level of reliability. The disadvantage of this strategy is that entering a login and password takes a long time. The impact on privacy and the legal limits are likewise minimal.

2. PIN (Personal Identification Number)

The username and password approach is very similar to this one. The advantage of this strategy is that it is likely to be low-cost and low-effort to adopt. There is no need for special hardware, and the software built for this purpose will be simple. This method also ensures a high level of reliability. A PIN is faster to enter and easier to remember than a login and password, which improves ease of use. The impact on privacy and the legislative limits are similarly negligible. A PIN code has the disadvantage of being easy for others to see. Anyone who sees a PIN can immediately log into another person's account.

3. RFID-tag

Employees will be given an RFID tag as part of this solution. They use this to log in by tapping it against a scanner, which provides them with immediate access to the system. This solution is simple because it only requires a straightforward login action. As a result, this system is quite simple to use, especially since all employees must carry the tag with them every day. This is also a tried-and-true method that has been used in a variety of applications for many years. For example, consider the OV-Chipkaart, used at Dutch train stations. As a result, this solution's reliability is very high. The cost of implementing this solution, on the other hand, will be higher. Hardware that can read these tags must be acquired and installed at the terminals. The necessary equipment could be obtained for less than 20 euros per piece, especially in larger quantities. Furthermore, software that can manage this hardware must be built, allowing the employee to log in automatically. Again, there will be very little impact on privacy using this technology, and there will be no legal limits.

4. Fingerprint

Fingerprint login is usually a simple, quick, and reliable method. Take, for example, using a fingerprint to unlock a phone. It's simple to use, quick, and relatively reliable. However, adopting this solution will be prohibitively expensive. At the terminals, hardware capable of scanning fingerprints will be required. Moreover, software that can manage this hardware must be built or bought, allowing the employee to log in automatically. Finally, because biometric data (including fingerprints) falls under sensitive personal data under the General Data Protection Regulation (AVG) legislation, it is not permitted to obtain and utilize it from employees. Therefore, if the employee refuses to use their fingerprint, it is critical to provide an alternative.

5. Facial detection

Facial recognition is usually straightforward, but, depending on the technique, it is unreliable. For example, when a regular camera is used, this method may often be evaded with a simple photo, and two people who look quite similar can also be mistaken for each other. Furthermore, adopting this solution will be prohibitively expensive. At the terminals, face-scanning gear will need to be installed, and software will need to be created to manage the hardware and allow the employee to log in automatically. Finally, this is subject to the same rules as fingerprints, namely, that it is considered sensitive personal data under the General Data Protection Regulation (GDPR).

6. Bluetooth

To use this strategy, employees must install a particular app on their phones that generates a Bluetooth signal that sensors on the computers can pick up. Once set up, this method is simple because no action is necessary to log in. As a result, this approach is quite simple to implement, especially since many staff will always have their phones. On the other hand, the solution's reliability is projected to be relatively low. There's a potential for reading errors, and if employees walk past a computer or stand with a group of people, there's a good chance of unexpected behavior and mistakes. Furthermore, due to the enormous number of phones available, there is a high likelihood that difficulties with the app will arise, which will be challenging to repair. When it comes to downloading and using this software, the IT staff will likely be swamped with queries and issues. There will also be some employees who refuse to install an app on their phone, and there may even be employees who do not own a modern smartphone. Furthermore, adopting this solution will be prohibitively expensive. At the terminals, hardware that can read Bluetooth signals will need to be installed, and software that can manage this hardware and automatically log the employee in will need to be built. It will also be necessary to create an app. Finally, there is a risk with this strategy regarding employee privacy. Because the signals can be received from a distance, it is theoretically possible to track and record the movements and patterns of workers on the factory floor. Although there are cameras in some areas, it is impossible to identify employees from these images because of the protective clothing they wear. As a result, this method may create concerns about employee privacy.

Conclusion

There are a lot of different techniques available to handle authentication/authorization at your company. Each of these options has its pros and cons. The best thing is to weigh these options based on the reliability your company needs against the privacy of your employees. Regardless of the technique used, the best thing you could do for your company is to actively pursue security concerns. The last thing you want to do is get stuck on choices while the issue persists. As long as you actively pursue raising your company's security to the best of your ability, in the way that fits your company best, you are already ahead of the curve.