The Pitfalls of the Certificate-Based User Authentication Scheme on Korean Public Websites: Implications for Cross-Platform and Cross-Browser Compatibility and End-User Computing

Abstract

The Korean government has employed a certificate-based user authentication scheme powered by Microsoft Internet Explorer and ActiveX plug-ins for the past two decades. Users must obtain accredited digital certificates, install all required plug-ins on their machines, and undergo all user authentication procedures. Public websites lack cross-platform and crossbrowser compatibility and discriminate against those who do not use Windows and Internet Explorer. Most stakeholders mistakenly take a series of authentication procedures for granted and endure an inconvenient, burdensome, vulnerable, and fallible user authentication scheme. Given limited awareness of web accessibility and cybersecurity, they unwittingly make electronic copies of security code cards, store accredited digital certificates on a hard disk or flash drive, and mechanically click “Yes” or “OK” whenever a dialog box pops up. This monolithic end-user computing environment, despite its crucial pitfalls, contributed to the early diffusion of online public information and services; indeed, it was a double-edged sword. Although most ActiveX or non-ActiveX plug-ins were removed from public websites by 2021, the troublesome certificate-based authentication scheme remained almost unchanged for a long time (1999-2020). This case study illustrates the influences of the weird user authentication scheme on web accessibility and end-user computing and the importance of international technology standards.departmental bulletin pape