The Pitfalls of the Certificate-Based User Authentication Scheme on Korean Public Websites

The Korean government has employed a certificate-based user authentication scheme powered by Internet Explorer and ActiveX plug-ins for the past two decades. Users must obtain accredited digital certificates, install all required plug-ins on their machines, and undergo all user authentication procedures. Most clients mistakenly take a series of authentication procedures for granted and unwittingly make copies of security code cards, store accredited digital certificates on hard disks, and mechanically click “Yes” or “OK”. Public websites lack cross-platform and cross-browser compatibility and discriminate against those who do not use Windows. The government should require public organizations to provide at least a password-based n-factor authentication scheme over SSL/TLS and should reform institutional arrangements so that service providers take primary responsibility for online transactions. This “Galapagos e-government” case illustrates the importance of global technology standards and web accessibility.