What is Authentication?

In this video, you will learn about authentication in the context of IdAM.
So moving on from identification, we move into authentication. So with authentication, this is the act of confirming the truth of an attribute of a single piece of data claimed true by an entity. What kind of data are we talking about? Well, potentially our username and our password. So this is the process of confirming the identity when access to a restricted zone is attempted. So here we have issued credentials, and what we’re trying to do is to ensure that when the subject is attempting to access an object that we are verifying that the subject is who they say they are, that the identity matches. And so typically we do this, easiest example is through username and password.
So we verify the identity through the use of credentials. What kind of credentials might we use other than a password? Well, it very much depends on what our requirements are. In some instances, just entering a username may be fine. If we have a bank pass, typically we’re required to enter a four digit PIN number. For different types of transaction, of different levels of assets that we’re trying to protect, we may want greater levels of assurance for that. So authentication, we have typically three different ways in which somebody may be authenticated, and this is something people have, something people know, or something people are.
So each of these authentication factors covers a broad variety of elements that we can use as part of confirming that identity. So for something you know, we have the example that we’ve given of a password. Something you are typically relates to our biometric factors. And something you have can be some kind of token – very basic example would be that of a key, or a soft token, or hard token. So security research has determined that for positive authentication, ideally, we use at least two of those different factors. And, preferably, for high levels of authen– for strong authentication, stronger authentication that we use all three factors.
Worthwhile just saying, at this point, a common mistake that people make is to assume that if you ask for a username, and a password, and a PIN number that that represents multi-factor authentication, that we’re using more than one of the factors. That’s not the case. In that instance, what we are asking for is a username, which is something you know, a password, which is something you know, and a PIN number, which, again, is something you know. This is three examples of a single factor. With this example, if somebody has installed a key logger or somebody has access to your credentials, it’s easier to replay them or to falsify them.
So the use of a single factor twice, more than once, can add strength but nowhere near as much strength as using a second or a third factor. So we hear the term dual-factor, where we’re using two of those three factors, and multi-factor, where we use any number more than one. So typically the easier term to use these days is multi-factor, referenced as MFA.
So very commonly now, we’re seeing people are using their mobile devices as a second factor. People tend to have a smartphone, very, very high levels of ownership, and it’s something that people carry with them. It’s not the only way of doing that, and we’ll look at some different examples as we move on.

Authentication can be thought of as three major processes:

  • confirming the truth of an attribute
  • confirming identity to a restricted security zone
  • verification of identity credentials

Reflect and share: Once you have watched the video, consider your own situation. What authentication types and processes are you using and why? Share in the comments below.

This article is from the free online

Cyber Security Foundations: Identity and Access Management

Created by
FutureLearn - Learning For Life
