Authentication is the process that establishes the identity of a user who accesses a resource of an application (page, image,…).
It's abbreviated as AuthN for authentication versus AuthZ for authorization.
The process validates who you are.
The authentication mechanism (a user/password form for instance) starts when the user:
The system or function that validates the authentication is referred to as an (Identity|Authentication) Provider.
After a user has been authenticated, the session that holds all the navigation context data is updated and goes from an anonymous state to an authenticated state that carries the user identity.
The next critical step in building security is authorization.
The process of creating, submitting, and verifying credentials is described simply as authentication, which is implemented through various authentication protocols.
Basically, there are three ways to authenticate an individual:
All these ways have been used from prehistory until the present day, and they all have different security properties and trade-offs.
See Authentication Ways - something the person knows, has or is
Better authentication systems use two or more methods.
Systems that confuse identification with authentication can have significant insecurities.
Some systems use the last four digits of a Social Security number as an authentication code, even though a Social Security number is a public identification number. You can’t change it. You can’t prevent others from having it. It’s a unique identifier, but it’s hardly a secret: a good number to identify me by, but a terrible one to authenticate me by. Your mother’s maiden name is a similarly lousy authentication code.
An Authentication Provider implements the authentication method. See Authentication - (Authentication|Identity) Provider
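The session transition and the identification-versus-authentication distinction described above, as an added example that is not part of the original page. The class and function names, the sample user and password, the PBKDF2 iteration count and the fresh session id issued at login are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import secrets

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256

def derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_user_store():
    """Constructed sample store: the key is the public identifier,
    the verifier is derived from the secret the user knows."""
    salt = os.urandom(16)
    return {"alice": {"salt": salt, "verifier": derive("correct horse battery", salt)}}

class AuthenticationProvider:
    """Hypothetical provider: validates a claimed identity against a secret."""
    def __init__(self, users):
        self._users = users
        # Dummy record so an unknown identifier costs the same work as a known one.
        self._dummy_salt = os.urandom(16)
        self._dummy = derive(secrets.token_hex(16), self._dummy_salt)

    def authenticate(self, identifier: str, password: str) -> bool:
        record = self._users.get(identifier)
        salt = record["salt"] if record else self._dummy_salt
        expected = record["verifier"] if record else self._dummy
        matches = hmac.compare_digest(derive(password, salt), expected)
        # Knowing the identifier proves nothing; the secret must also match.
        return matches and record is not None

def new_session():
    return {"id": secrets.token_urlsafe(32), "state": "anonymous", "user": None}

def login(session, provider, identifier, password):
    """Return the session in authenticated state only if the provider agrees."""
    if not provider.authenticate(identifier, password):
        return session  # unchanged: still anonymous
    # Keep the navigation context, attach the identity, issue a fresh id.
    return {**session, "id": secrets.token_urlsafe(32),
            "state": "authenticated", "user": identifier}
```

Presenting only the identifier, or a valid secret under an unknown identifier, leaves the session anonymous.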