User Authentication
User Authentication Definition
- [i] User Authentication - (definition:: The process of verifying that a user attempting to access services and applications is who they claim to be) - (subject:: Cybersecurity)
User Authentication Example
Typically, authentication is done by providing some form of credential, such as a username and password, passkey, biometrics, and more.
At a high level, the process can be broken down into three key steps:
- Identification: The user provides their claimed identity, such as a username or account name. An identifier is public and proves nothing on its own.
- Authentication: The user provides proof of that identity in the form of a credential (password, one-time code, biometric), which the system checks against what it has on record.
- Authorization: Once the identity is verified, the system determines which resources and actions that user is permitted to access or perform. This is a separate decision: a valid login does not imply permission to do everything.
As the diagram above shows, the authentication step requires support from a database: the stored credential (or, better, a salted hash of it) that the submitted proof is checked against. In general, there are two main models for implementing authentication: Centralized Authentication, where a single service (for example a domain controller or identity provider) holds the credentials and verifies users on behalf of many applications, and Decentralized Authentication, where each application maintains and verifies its own credentials.
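The three steps above, implemented against a small credential store, as an added example (this is not code from the original page). The "database" is a constructed in-memory dictionary; the user names, passwords and permission strings are invented for the demo. The example also shows two practitioner details the steps imply but do not spell out: the store holds salted PBKDF2 hashes rather than passwords, and a failed login does not reveal whether the identifier or the credential was wrong.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Work factor for PBKDF2-HMAC-SHA256. A high iteration count slows offline
# guessing if the credential store is ever leaked.
PBKDF2_ITERATIONS = 600_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive the stored verifier from a password and a per-user random salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def build_user_db() -> dict:
    """Constructed in-memory credential store standing in for the database in the
    diagram. Only salted hashes are kept, never the passwords themselves."""
    db = {}
    for name, password, perms in (
        ("alice", "correct horse battery staple", {"read:reports", "write:reports"}),
        ("bob", "hunter2", {"read:reports"}),
    ):
        salt = os.urandom(16)
        db[name] = {
            "salt": salt,
            "hash": hash_password(password, salt),
            "permissions": frozenset(perms),
        }
    return db


USER_DB = build_user_db()

# Salt used to run the hash for unknown usernames, so a login attempt costs the
# same time whether or not the account exists (avoids user enumeration via timing).
DUMMY_SALT = os.urandom(16)


@dataclass(frozen=True)
class Session:
    username: str
    permissions: frozenset


def login(db: dict, username: str, password: str):
    """Steps 1 and 2: identification selects a record, authentication verifies the proof.
    Returns a Session on success and None on any failure, without saying which step failed."""
    record = db.get(username)                       # step 1: identification (a claim, not proof)
    salt = record["salt"] if record else DUMMY_SALT
    candidate = hash_password(password, salt)       # step 2: recompute the verifier ...
    if record is None:
        return None
    if not hmac.compare_digest(candidate, record["hash"]):  # ... and compare in constant time
        return None
    return Session(username, record["permissions"])


def authorize(session: Session, permission: str) -> bool:
    """Step 3: a verified identity is still limited to what it is permitted to do."""
    return permission in session.permissions


if __name__ == "__main__":
    session = login(USER_DB, "alice", "correct horse battery staple")
    print("alice logged in:", session is not None)
    print("alice may write reports:", authorize(session, "write:reports"))
    print("unknown user accepted:", login(USER_DB, "mallory", "hunter2") is not None)
```

Note that `login` always runs the hash, even for an unknown username; skipping it would let an attacker tell valid usernames from invalid ones by response time.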
Authentication Factors
There are three main types of authentication factors:
- Knowledge-based: Something that you know (password, PIN, security questions). A username is an identifier, not a secret, so it is not a factor on its own.
- Possession-based: Something that you have (Security token, smart card, mobile device)
- Inherence-based: Something you are (Biometrics like a fingerprint, facial recognition, iris scan)
Requiring factors from two or more of these categories is Multi-Factor Authentication (MFA); exactly two is Two-Factor Authentication (2FA). The factors must come from different categories: a password plus a security question is two knowledge factors, not MFA. Done properly, this provides a much stronger layer of security than a single factor, because an attacker who guesses or phishes the password still lacks the device or the biometric.
Authentication Protocols
There are a variety of protocols and standards; here are a few common ones:
- New Technology LAN Manager (NTLM): Legacy challenge-response authentication in Windows. It is still used for local accounts and as a fallback when Kerberos is unavailable (for example when a host is addressed by IP rather than by name), but it has been superseded by Kerberos in Active Directory domains and is exposed to relay and pass-the-hash attacks.
- Kerberos: A centralized, ticket-based authentication protocol that relies on a trusted Key Distribution Center (KDC); the default authentication protocol in Windows Active Directory domains.
- Remote Authentication Dial-In User Service (RADIUS): A client-server protocol, carried over UDP, in which network access devices such as VPN gateways and wireless controllers forward authentication, authorization and accounting (AAA) requests to a central server.
- Terminal Access Controller Access Control System Plus (TACACS+): A Cisco-developed AAA protocol, typically used for administrative access to network devices. It runs over TCP, separates authentication from authorization and accounting, and encrypts the whole packet body, whereas RADIUS encrypts only the password field.
- Extensible Authentication Protocol (EAP): An authentication framework rather than a single method; it carries methods such as EAP-TLS and PEAP and is used extensively in wireless networks and in wired 802.1X port authentication.