Authentication of users is one of the most commonly used means of achieving high security in access to and use of systems. However, as technology advances, and with it the security threats related to access, the process does not end there. After authentication, further measures should be put in place to protect systems from abuse by authorized users who may have ill motives (Bosworth, 2009).
The need for post-authentication measures arises from the realization that when access is made available to the public, the people involved might at some point attempt to gain access to information not made available to them. This mainly occurs with people who hold administrator access rights (Merkle, 1982).
Post-authentication procedures mainly focus on attempts to compromise and circumvent the security standards that are already in place. One of the commonly used measures for ensuring post-authentication security is the logon and logoff concept. This creates a scenario where data on the events taking place after logoff or logon are tracked and kept in records for analysis. It is, however, more of a recovery mechanism than a preventive one, as it can only note an occurrence after it has happened (Plum & Bleiler, 2001).
Another mechanism is session management, which tracks what logged-on users are doing and from where. This may be accompanied by continuous changing of passwords, especially when the user concerned has logged out and is not expected to log on from the work environment until a specified time.
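The logon/logoff tracking and session-management ideas above can be shown as an added example, which is not part of the original essay: a Python review of constructed logon/logoff records that flags a logon from a second source while a session is open, activity from a source with no open session, and a logon during a window when the user is not expected. The record format, user names, addresses and the absence window are all assumptions made for illustration.

```python
from datetime import datetime

# Constructed sample audit records: timestamp, user, event, source address.
SAMPLE_LOG = """\
2024-03-04T08:58:10 alice LOGON 10.0.0.15
2024-03-04T09:30:00 alice ACCESS 10.0.0.15
2024-03-04T11:02:41 alice LOGON 198.51.100.7
2024-03-04T17:05:00 alice LOGOFF 10.0.0.15
2024-03-04T17:06:12 alice LOGOFF 198.51.100.7
2024-03-04T18:20:00 alice ACCESS 10.0.0.15
2024-03-04T23:40:00 bob LOGON 10.0.0.22
"""

# Hypothetical policy: users are not expected to log on between these hours.
ABSENT_FROM, ABSENT_UNTIL = 20, 6


def review(log_text):
    """Return a list of (timestamp, user, finding) for suspicious records."""
    open_sessions = {}  # user -> set of source addresses with an open session
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records rather than guess at them
        stamp, user, event, source = parts
        when = datetime.fromisoformat(stamp)
        sources = open_sessions.setdefault(user, set())
        if event == "LOGON":
            if when.hour >= ABSENT_FROM or when.hour < ABSENT_UNTIL:
                findings.append((stamp, user, "logon during expected absence"))
            if sources and source not in sources:
                findings.append((stamp, user, "concurrent session from new source"))
            sources.add(source)
        elif event == "LOGOFF":
            sources.discard(source)
        elif source not in sources:
            # Activity from a source with no open session, e.g. after logoff.
            findings.append((stamp, user, "activity without open session"))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(*finding, sep="  ")
```

Because the review runs over records that already exist, it reports each event only after it has happened, which matches the recovery-oriented role the logon and logoff concept is given above.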
References
Bosworth, S. (2009). Computer security handbook. Vol. 2 (5. ed.). Hoboken, N.J.: Wiley.
Merkle, R. C. (1982). Secrecy, authentication, and public key systems. Ann Arbor, Mich.: UMI Research Press.
Plum, T., & Bleiler, R. (2001). User authentication. Washington, DC: Association of Research Libraries, Office of Leadership and Management Services.