Authentication

(OBJ 1.2)

Authentication definition

• Security measure that ensures individuals or entities are who they claim to be during a communication or transaction
• Basically, authentication focuses on verifying the identity of individuals or entities participating inside of a digital interaction.

5 commonly used authentication methods

• Something you know (Knowledge Factor)
  • Relies on information that a user can recall
  • Example: Password
• Something you have (Possession Factor)
  • Relies on the user presenting a physical item to authenticate themselves
  • Example: authentication badge, OTP code.
• Something you are (Inherence Factor)
  • Relies on the user providing a unique physical or behavioral characteristic of the person to validate that they are who they claim to be
  • Example: Biometric authentication, face-ID, fingerprint reader
• Something you do (Action Factor)
  • Relies on the user conducting a unique action to prove who they are
  • Example: Secret handshake
• Somewhere you are (Location Factor)
  • Relies on the user being in a certain geographic location before access is granted
  • Example: Geofencing

Two-Factor Authentication (2FA)

• Exactly two authentication methods from the list above

Multi-Factor Authentication System (MFA)

• Two or more authentication methods
• Security process that requires users to provide multiple methods of identification to verify their identity
• Even if one factor is compromised, the attacker cannot still get access because there would be other factors that need to be authenticated

Important for 3 main reasons

• To prevent unauthorized access
  • Keeping malicious authors out of your network
• To protect user data and privacy
  • Personal and sensitive data is only being shown to authorized users
• To ensure that resources are accessed by valid users only
  • Manage share resources within a group of authorized users