Some computer applications, including email systems and Web-based scientific journals, grant access by means of the computer’s Internet Protocol network address. This method, called IP authentication, allows access to everyone in an organization, such as a university, without the need to identify each user individually.
Although easy to administer, the approach does not offer the tight security of password-based systems.
No Password Needed
An IP authentication system, unlike other types of restricted computer software, does not ask you for a username and password. Instead, it identifies your computer automatically by virtue of its network IP address. This makes the resource quicker and easier to use. In a university library, for example, each PC’s address belongs to the school’s network.
A scholarly journal may agree to grant blanket access to all users at the school in exchange for a subscription which the school pays. The journal’s website detects the IP address of the PCs seeking information, and permits students and faculty to read the journal online. The journal’s site denies access if you try to reach the website from your home PC, as the Web server doesn’t recognize the computer’s IP address.
No User Identity
An IP-authentication system does not identify or distinguish among individual users, only their PCs. An unauthorized person who sits down at the computer gets the same access as someone who has the right to use these resources. This limits the system to only moderately sensitive or valuable material; more confidential information calls for a system that identifies each user, regardless of the computer they have.
Without user IDs and password files to maintain, an IP authentication system is easier to set up and administer. The system needs only the IP addresses of the computers which require access. Because IP addresses are numbers, an administrator can also grant access to a block of addresses, entering only the first and last numbers in the block.
Computers and network addresses change infrequently in most organizations, as opposed to the people who use them.
Lack of Mobility
IP addresses are frequently allocated to specific locations and buildings. Using an IP authentication system does not work for mobile users, who need access from different parts of the world. A smartphone, tablet computer or laptop takes on different IP addresses, depending on its geographic location.
For this reason, IP authentication systems do not work for mobile professionals, as they need an authentication method that doesn’t depend on the IP address.