Authentication
Authentication is the process of verifying the identity of something or someone, often for security purposes, through some unique characteristic. Although the term has a specific meaning in the context of computer use, authentication is something people do on a regular basis. An object may be identified to an expert as an "authentic" antique by its manufacturer's mark or signature. An individual will be "authenticated" to family and friends by face recognition, or in the case of speaking, voice recognition. So for instance, in a telephone call to a friend, the caller is granted access to information that the call recipient regards as appropriate based on the recipient's recognition of the caller's voice. This is a basic form of authentication. In the computer world, authentication is the process by which a user (a person or a device) is granted access to a computer, a computer network, an application, or another form of information that is contained in or protected by a device or software.
Authentication can take numerous forms, and can require several factors. There are one-, two-, and three-factor authentication methods. A factor is a single representation of a user's identity. For example, in two-factor authentication, a user is required to provide two pieces of information in order to be verified by the requesting resource. The most common method of two-factor authentication is the use of a user identification name or account, and a password. The more factors that are involved, the higher the reliability of the verification process.
To be permitted access to a computer, a database, or a web site, for example, a user must provide unique credentials in response to a query from a device or requesting resource. This unique information could be a user identifier (userid or ID) and password combination, as mentioned earlier. It could also be a one-time use password or passcode, a token to be read by a special reader or application, or a biometric device used to read biological information that is obviously unique to the user, such as a fingerprint or retinal scan.
In the case of userid and password combinations, the resource being asked to provide access requires that the user present an ID and password that is supposed to be unique to that individual or user. This information has been previously stored in a database or other application, and is generally encrypted for added security. When requesting access to the resource, the user provides this combination of ID and password so that it can be compared to the combination that was previously stored. If they match, then access is granted. If not, the user may be prompted several times for the correct information. Access will not be granted until the correct combination is entered. Access can be blocked indefinitely if the number of failed attempts exceeds a predetermined amount. The purpose of this is to reduce the possibility of access by a non-authorized user who guesses at enough possible combinations to manage an accidental match.
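The userid/password check described above, as an added example that is not part of the original article: the stored record is a salted PBKDF2 hash (the usual way the stored secret is protected), the presented password is compared against it in constant time, and the account is blocked once the failure counter reaches a constructed limit of five.

```python
import hashlib
import hmac
import os

MAX_FAILED_ATTEMPTS = 5  # constructed policy value; the article says "a predetermined amount"
ITERATIONS = 100_000     # PBKDF2 work factor, constructed for this example


def hash_password(password: str, salt: bytes = b"") -> tuple[bytes, bytes]:
    """Derive a salted hash for storage; the plaintext password itself is never kept."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


class CredentialStore:
    """Holds the previously stored (userid -> salt, hash) records plus a failure counter."""

    def __init__(self) -> None:
        self._records: dict[str, tuple[bytes, bytes]] = {}
        self._failures: dict[str, int] = {}

    def enroll(self, userid: str, password: str) -> None:
        """Store the combination once, at enrolment time."""
        self._records[userid] = hash_password(password)

    def is_locked(self, userid: str) -> bool:
        return self._failures.get(userid, 0) >= MAX_FAILED_ATTEMPTS

    def authenticate(self, userid: str, password: str) -> bool:
        """Compare the presented combination with the stored one; block after too many failures."""
        if self.is_locked(userid):
            return False  # blocked until the counter is reset out of band
        record = self._records.get(userid)
        if record is None:
            # Unknown userid: do the same hashing work so response time does not reveal valid IDs.
            hash_password(password, b"\x00" * 16)
            return False
        salt, stored = record
        _, presented = hash_password(password, salt)
        if hmac.compare_digest(stored, presented):
            self._failures[userid] = 0  # a successful login clears the counter
            return True
        self._failures[userid] = self._failures.get(userid, 0) + 1
        return False
```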
A one-time use passcode or password requires some form of synchronization between the user and resource. For example, a computer system or application performs the duty of generating a passcode at a predetermined interval. The user has a token or other device that also generates the same password or passcode at precisely the same time. When users request access, they must present the generated password or passcode. This passcode or password is generally valid for a predetermined period of time that usually varies from 30 seconds up to 30 minutes. A security benefit with this method is that the passcode is continually changing and one code is valid only within a limited and specific period of time.
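The time-synchronized passcode scheme described above, as an added example that is not part of the original article: both the token and the resource derive the code for the current 30-second step from a shared secret (HMAC truncation in the style of RFC 4226/6238), and the resource accepts a code for the current step or one step either side to tolerate clock drift. The shared secret and the step, digit and drift-window values are constructed for this example.

```python
import hashlib
import hmac
import struct
import time

STEP_SECONDS = 30   # validity period of each passcode (the article's lower bound)
DIGITS = 6          # length of the displayed code
WINDOW = 1          # accept one step of clock drift either side of "now"

# Constructed shared secret: installed in the token and stored by the resource at enrolment.
SHARED_SECRET = b"constructed-demo-secret-0123"


def passcode(secret: bytes, counter: int) -> str:
    """Code for one time step: HMAC-SHA1 over the step number, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** DIGITS:0{DIGITS}d}"


def token_display(secret: bytes, now: float) -> str:
    """What the user's token shows at `now` (seconds since the epoch)."""
    return passcode(secret, int(now) // STEP_SECONDS)


def verify(secret: bytes, presented: str, now: float) -> bool:
    """Resource side: recompute the code for the current step and the drift window."""
    current = int(now) // STEP_SECONDS
    for step in range(current - WINDOW, current + WINDOW + 1):
        if hmac.compare_digest(passcode(secret, step), presented):
            return True
    return False  # expired, out of sync, or simply wrong


if __name__ == "__main__":
    print("token shows:", token_display(SHARED_SECRET, time.time()))
```

A code read off the token is only accepted while the resource's clock is within one step of the step the code was generated for, which is why an out-of-sync token fails even when the secret is correct.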
A biometric scanner works differently. It may or may not require a userid. Instead, users, via some device, have a small portion of their bodies scanned—most commonly a fingerprint. This information has been previously recorded, as in the case of the userid/password combination described earlier. The requested resource then compares this information with what is on file. This information can be stored in itself or on another resource, and it is generally encrypted for added security. This form of authentication makes it more difficult for someone to impersonate or masquerade as an authorized user by attempting to pass along credentials belonging to someone else. Biometric devices can be expensive. One of the primary hurdles in their widespread use is arguably the societal fear of having a system or organization that possesses biometric data, such as fingerprints.
Another method of authentication involves the use of a token, which is a device or file that contains information permanently stored on or in it. For example, a typical Automated Teller Machine (ATM) requires the use of a card. The card stores the user's account number, along with other information. In addition to using an ATM card to initiate the transaction—neither a driver's license nor a credit card would work, for example—one must also be authenticated by the machine with the use of a personal identification number (PIN). Without the PIN, the user's ATM card will not provide the desired results, and without the card, the PIN is insufficient to identify the user with the bank's computers.
Another form of a token is a digital certificate. This is a file that contains information pertaining to a user or resource. It is stored on a computer or in an application, and it "invisibly" allows a user authorized access to something like an account, web site, or another computer. Digital certificates are becoming more popular as a form of user authentication for web site access or usage. An organization called a Certificate Authority (CA) issues a certificate and, in doing so, verifies the identity of the owner. CAs can issue certificates to individuals, computers, or other CAs. Certificates are usually issued for a specific period of time, after which they expire; however, they can generally be renewed.
Authentication can be accomplished by various means. The most widely used method is by using the operating system of the resource a user wishes to access. Virtually all operating systems are able to require users to verify their identity through authentication mechanisms. Organizations such as large companies and the government may elect to install additional software programs with more advanced authentication mechanisms built in. This adds another layer of security to the authentication process.