(Authentication|Access control|Identification) - AuthN

About

Authentication is the process that establishes the identity of a user who accesses a resource of an application (page, image,…)

It's abbreviated as AuthN for authentication versus AuthZ for authorization.

The process validates who you are. The system which does this validation is referred to as an (Identity|Authentication) Provider.

After a user has been authenticated, a session is created that holds all the navigation context data.

The next critical aspect in security building is the authorization step.

The process of creating, submitting, and verifying credentials is described simply as authentication, which is implemented through various authentication protocols

Ways

Basically, there are three ways to authenticate an individual:

  • by something the person knows,
  • by something the person has,
  • and by something the person is.

All these ways have been used from prehistory until the present day, and they all have different security properties and trade-offs.

More … Authentication Ways - something the person knows, has or is

Multiple Techniques (MFA)

Better authentication systems use two or more methods.

  • An ATM, for example, uses “something the person has”—an ATM card—and “something the person knows”—a PIN. (Then it takes the person’s picture, for audit purposes.)
  • A passport is a physical card that is hard to counterfeit and contains a photograph.
  • The door-locking device may uses both a PIN and a hand-geometry scanner.

See Multi-Factor Authentication (Mfa / 2fa)

Identification is not authentication

Systems that confuse identification with authentication can have significant insecurities.

Some systems use the last four digits of a Social Security number as an authentication code, even though a Social Security number is a public identification number. You can’t change it. You can’t prevent others from having it. It’s a unique identifier, but it’s hardly a secret: a good number to identify me by, but a terrible one to authenticate me by. Your mother’s maiden name is a similarly lousy authentication code.

Provider

An Authentication Provider implements the authentication method. See Authentication - (Authentication|Identity) Provider

Documentation / Reference


Powered by ComboStrap