Term of the Moment

cross-browser


Look Up Another Term


Redirected from: user authentication

Definition: authentication


(1) Verifying the integrity of a transmitted message. See message integrity, email authentication and MAC.

(2) Verifying the identity of a user logging into a network or computer. Passwords, digital certificates, smart cards and biometrics can be used to prove user identity (see below). Digital certificates can also be used to identify the network to the client. See digital certificate, identity management, identity metasystem, OpenID, human authentication, challenge-response, IP spoofing and CAPTCHA.

Four Levels of Proof
The four levels of proof follow in order of least secure to most secure. None of them are entirely foolproof, which is why two methods are widely used (see two-factor authentication).

1 - What You Know
Passwords only verify that somebody knows the correct combination of characters. The answer to a security question such as "what is the name of your grandmother?" is in the same category. Although more personal, almost any data can be researched on the Web. See password.

2 - What You Have
A private cryptographic key in the computer is far more secure than a password, and authentication tokens, such as a USB key, verify that there is a physical item in the user's possession. However, computers and USB tokens can be stolen. See challenge-response, digital signature, public key cryptography and authentication token.

3 - What You Are
Biometrics such as fingerprint and iris recognition are more difficult to forge, but these systems can be fooled. See biometrics.

4 - What You Do
Dynamic biometrics such as hand writing a signature and speaking a particular phrase are the most secure; however, replay attacks can fool the system.