Authentication Flashcards
What is authentication (authn)?
Authentication is the process of identifying users that request access to a system, network, or device. Access control often determines user identity according to credentials like username and password. Other authentication technologies like biometrics and authentication apps are also used to authenticate user identity.
5 Common Authentication Types
- Password-based authentication
- Multi-factor authentication
- Certificate-based authentication
- Biometric authentication
- Token-based authentication
What is Multi-factor authentication?
Multi-Factor Authentication (MFA) is an authentication method that requires two or more independent ways to identify a user. Examples include codes generated from the user’s smartphone, Captcha tests, fingerprints, voice biometrics or facial recognition.
MFA authentication methods and technologies increase the confidence of users by adding multiple layers of security. MFA may be a good defense against most account hacks, but it has its own pitfalls. People may lose their phones or SIM cards and not be able to generate an authentication code.
What is Password-based authentication?
Passwords are the most common methods of authentication. Passwords can be in the form of a string of letters, numbers, or special characters. To protect yourself you need to create strong passwords that include a combination of all possible options.
What is Certificate-based authentication?
Certificate-based authentication technologies identify users, machines or devices by using digital certificates. A digital certificate is an electronic document based on the idea of a driver’s license or a passport.
The certificate contains the digital identity of a user including a public key, and the digital signature of a certification authority. Digital certificates prove the ownership of a public key and issued only by a certification authority.
Users provide their digital certificates when they sign in to a server. The server verifies the credibility of the digital signature and the certificate authority. The server then uses cryptography to confirm that the user has a correct private key associated with the certificate.
What is Biometric authentication?
Biometrics authentication is a security process that relies on the unique biological characteristics of an individual. Here are key advantages of using biometric authentication technologies:
Biological characteristics can be easily compared to authorized features saved in a database.
Biometric authentication can control physical access when installed on gates and doors.
You can add biometrics into your multi-factor authentication process.
What is Token-based authentication?
Token-based authentication technologies enable users to enter their credentials once and receive a unique encrypted string of random characters in exchange. You can then use the token to access protected systems instead of entering your credentials all over again. The digital token proves that you already have access permission. Use cases of token-based authentication include RESTful APIs that are used by multiple frameworks and clients.
What are the most common authentication protocols?
Password Authentication Protocol (PAP)
Challenge Handshake Authentication Protocol (CHAP)
Extensible Authentication Protocol (EAP)
What is Password Authentication Protocol (PAP)?
While common, PAP is the least secure protocol for validating users, due mostly to its lack of encryption. It is essentially a routine log in process that requires a username and password combination to access a given system, which validates the provided credentials. It’s now most often used as a last option when communicating between a server and desktop or remote device.
What is Challenge Handshake Authentication Protocol (CHAP)?
CHAP is an identity verification protocol that verifies a user to a given network with a higher standard of encryption using a three-way exchange of a “secret.” First, the local router sends a “challenge” to the remote host, which then sends a response with an MD5 hash function. The router matches against its expected response (hash value), and depending on whether the router determines a match, it establishes an authenticated connection—the “handshake”—or denies access. It is inherently more secure than PAP, as the router can send a challenge at any point during a session, and PAP only operates on the initial authentication approval.
What is Extensible Authentication Protocol (EAP)?
This protocol supports many types of authentication, from one-time passwords to smart cards. When used for wireless communications, EAP is the highest level of security as it allows a given access point and remote device to perform mutual authentication with built-in encryption. It connects users to the access point that requests credentials, confirms identity via an authentication server, and then makes another request for an additional form of user identification to again confirm via the server—completing the process with all messages transmitted, encrypted.
