Identification and Authentication Flashcards
Identification
Makes a claim about what someone or something is
Authentication
Set of methods to establish whether a claim of identity is true
How can ID and authentication methods be fragile?
Rely on competence of person or system performing authentication
Who we claim to be
Tenuous concept, based on things that can change, are not unique, or can be fabricated or faked
Identity verification
Step beyond identification but short of authentication
Ex: showing a driver’s license; when you send email, the ID you provide is taken to be true and is not authenticated
Reason for spam
Factors for authentication
Something you know
Something you are
Something you have
Something you do
Where you are
Something you know
Authentication factor
Ex: passwords, PINs
Somewhat weak because information may be exposed
Something you are
Authentication factor
Based on unique physical attributes of someone (biometrics)
Something you have
Authentication factor
Based on physical possession, can extend into logical concepts
Ex: ID cards, software-based security tokens, access to logical devices, i.e., email or cell phones
Something you do
Authentication factor
Based on actions or behaviors of individual; overlap with something you are
Ex: gait or handwriting
Higher rate of rejection of legit users
Where you are
Authentication factor
Requires person to be present at a specific location
Multifactor authentication
Uses one or more factors discussed
Mutual authentication
Both parties in a transaction authenticate each other. Typically software-based.
Digital certificates
Better name for a strong password?
Complex
Manual synchronization of passwords
Using the same password everywhere