|
|
|
|
|
|
by efitz
618 days ago
|
|
|
What people want is authorization. Authentication is a painful activity that must be performed in order to do authorization properly in most cases. Side note: there is a trivial case where authentication is reduced to “whoever is physically holding/interacting with the system”. This is when either the operation to be authorized is relatively low risk (changing the channel on the TV with the line-of-sight IR remote control) or when you’re depending on physical security controls to prevent access to people who shouldn’t be doing the thing, e.g. requiring data center technicians to badge in before they can go into the server room and start disconnecting things. |
|
|