A note on authentication

There are two aspects to authentication in BSCW: to associate a BSCW user name with a certain individual, and to ensure that only this individual may act in BSCW under this user name.

The first aspect is dealt with in the registration procedure, which in BSCW is based on email addresses, i.e. a prospective BSCW user has to have a valid email address. The registration procedure without administrator intervention further assumes that email messages to a personal email address cannot be read by third parties without the consent of the addressee. So, after successful registration the association of a BSCW user name with the owner of an email account is established. (We neglect the risk that an impostor intercepts the registration email traffic during transport over the Internet or on the prospective user’s computer system.)

In this way, public BSCW servers use a registration procedure that combines flexibility (users may register without administrator intervention) and traceability (in the case of problems, the server administrator can contact users via their email addresses).

Note: Your BSCW server may also be operated using a secure SSL (Secure Socket Layer) compatible Internet connection to improve security when connecting to BSCW. Ask your administrator.

The second aspect of authentication is dealt with in the log-in procedure. Here, BSCW uses the standard ‘basic authentication’ scheme of most Web browsers, which is based on simple passwords.

Note: Instead of the comparatively insecure basic authentication you may also identify yourself using X.509 Client Certificates when logging into BSCW. Ask your system administrator about this option.
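Why basic authentication is called comparatively insecure above, and why the SSL note matters: the credentials travel in every request as reversible Base64, not as ciphertext. The following is an added example, not BSCW code; the function names, return labels and the sample user name and password are assumptions made for illustration.

```python
import base64
import binascii

def parse_basic_header(value):
    """Return (user, password) from an 'Authorization: Basic ...' value."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic authorization header")
    try:
        # Base64 is an encoding, not encryption: decoding needs no key.
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("malformed Basic credentials") from exc
    # Split at the first ':' only; the password itself may contain colons.
    user, sep, password = decoded.partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    return user, password

def audit_request(url_scheme, headers):
    """Classify a request by whether Basic credentials are protected in transit."""
    value = next((v for k, v in headers.items() if k.lower() == "authorization"), None)
    if value is None:
        return "no-credentials"
    try:
        parse_basic_header(value)
    except ValueError:
        return "not-basic"
    # Without SSL/TLS the header is readable by anyone on the network path.
    return "ok-over-tls" if url_scheme.lower() == "https" else "cleartext-credentials"

# Constructed sample: user name and password are made up for this example.
SAMPLE_HEADER = "Basic " + base64.b64encode(b"alice:s3cret:pw").decode("ascii")

if __name__ == "__main__":
    print(parse_basic_header(SAMPLE_HEADER))
    print(audit_request("http", {"Authorization": SAMPLE_HEADER}))
    print(audit_request("https", {"authorization": SAMPLE_HEADER}))
```

A check like `audit_request` can be run over proxy or web-server request records to find clients that still log in over plain HTTP.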