Identification and Authentication Flashcards
What is the difference between identification and authentication?
Identification is the process of claiming an identity, while authentication is the process of verifying that the identity is legitimate.
What are some common examples of identifiers?
Full names, account numbers, usernames, ID cards, email addresses.
What is identity verification, and how does it differ from authentication?
Identity verification is showing evidence of your identity (e.g., a driver’s license), while authentication is the process of proving that the identity claim is true.
Why is falsifying identification easy?
Fake IDs and identity theft can easily deceive systems, so more than identity verification alone is required.
What does authentication involve?
Authentication involves methods used to verify if a claim of identity is true, but it doesn’t determine what the individual can do—that is authorization.
What are the five factors used in authentication?
Something you know
Something you are
Something you have
Something you do
Where you are
What is multi-factor authentication (MFA)?
MFA uses two or more factors of authentication to verify identity.
What is mutual authentication?
Mutual authentication is when both parties authenticate each other, typically in software-based systems.
Example: A client and a server authenticating each other.
What are the advantages of using complex passwords?
Complex passwords (long, with upper and lower case, digits, and special characters) are harder to crack and offer stronger security.
What is the disadvantage of using passwords and how can they be managed securely?
Passwords are relatively weak if not complex. Using a password manager helps store them securely and avoids writing them down, and changing them often also helps.
What is biometric authentication? Give an example.
Biometric authentication uses unique physical characteristics to verify identity, such as fingerprints, iris scans, or facial recognition.
What are the key characteristics of biometric factors?
Universality, uniqueness, permanence, collectability, performance, acceptability, and circumvention.
What is the False Acceptance Rate (FAR)?
FAR is the rate at which an authentication system falsely accepts an unauthorized user.
What is the False Rejection Rate (FRR)?
FRR is the rate at which an authentication system wrongly rejects a legitimate user.
What is the Equal Error Rate (EER) in biometric systems?
EER is the point at which the FAR and FRR are equal, used to measure the overall accuracy of a biometric system.
What is a hardware token used for in authentication?
A hardware token is a physical device (e.g., a key fob or a credit-card-sized device) that generates a changing password or PIN for secure authentication.
What are the disadvantages of using hardware tokens?
Hardware tokens can be lost or stolen, making them less secure than other methods.
What is the “Something You Know” factor in authentication?
“Something you know” refers to information that only the user should know.
What are some examples of “Something You Know”?
Password
PIN
Passphrase
Security question answers (e.g., mother’s maiden name)
What is the “Something You Are” factor in authentication?
“Something you are” refers to biometric characteristics unique to the user.
Example: Fingerprints, facial recognition, iris scans.
What are some examples of “Something You Are”?
Fingerprints
Retinal scan
Facial recognition
Voiceprint (voice recognition)
What is the “Something You Have” factor in authentication?
“Something you have” refers to physical items or digital tokens that are in the user’s possession.
What are some examples of “Something You Have”?
ATM or bank cards
Mobile phones with authentication apps (e.g., Google Authenticator)
Hardware security tokens (e.g., RSA SecurID)
USB security keys (e.g., YubiKey)
What is the “Something You Do” factor in authentication?
“Something you do” refers to behavioral patterns or actions unique to the individual.
What are some examples of “Something You Do”?
Keystroke dynamics (the rhythm of typing)
Gesture patterns on a touchscreen
The way you sign your name or write (signature dynamics)
What is the “Where You Are” factor in authentication?
“Where you are” refers to geographical or location-based authentication, usually tied to a specific area.
What are some examples of “Where You Are”?
Geolocation (GPS) to check if you are in the right location
IP address verification to determine if the access request is from a known location
Geofencing (restricting access to certain areas)
What is the difference between Authentication and Authorization?
Authentication verifies identity, while Authorization determines access rights.