Authentication

Authentication is the process of verifying evidence of an entity's identity and asserting the authenticity of the identification material that the entity has presented. It establishes identity and ensures that entities are who they claim to be. Authentication applies to a variety of subjects, such as users, networks, API callers, and processes.

User Authentication

In user authentication on a computer, a user presents an identity (userid) or ID to a computer login screen and then provides a password. The computer system authenticates the user by verifying that the password corresponds to the individual presenting the ID.

Authentication of a user is based on the following three factor types:

  • Type 1: Something you know, such as a personal identification number (PIN) or password
  • Type 2: Something you have, such as an ATM card or smart card
  • Type 3: Something you are (physically), such as a fingerprint or retina scan

Sometimes a fourth factor, something you do, is added to this list. Something you do might be typing your name or other phrases on a keyboard. This factor is sometimes known as behavioral authentication. Alternatively, something you do can be considered something you are.

Two-factor authentication refers to requiring two of the three factors in the authentication process. For example, withdrawing funds from an ATM requires two-factor authentication in the form of the ATM card (something you have) and a PIN (something ...
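The ATM case above, sketched as an added example that is not code from the book: a PIN check (Type 1) combined with a card challenge-response (Type 2), plus a policy that only counts factors of different types. The HMAC-based card protocol, the function names, and all keys and PINs are assumptions constructed for illustration.

```python
import hashlib, hmac, os
from enum import Enum

class FactorType(Enum):
    KNOW = 1   # Type 1: PIN or password
    HAVE = 2   # Type 2: ATM card or smart card
    ARE = 3    # Type 3: fingerprint or retina scan

def hash_secret(secret: str, salt: bytes) -> bytes:
    # Store a salted, slow hash, never the PIN or password itself.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 200_000)

def verify_know(secret: str, salt: bytes, stored: bytes) -> bool:
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(hash_secret(secret, salt), stored)

def card_response(card_key: bytes, challenge: bytes) -> bytes:
    # What the card computes (assumed protocol): proof it holds card_key.
    return hmac.new(card_key, challenge, hashlib.sha256).digest()

def verify_have(card_key: bytes, challenge: bytes, response: bytes) -> bool:
    return hmac.compare_digest(card_response(card_key, challenge), response)

def is_two_factor(results: list[tuple[FactorType, bool]]) -> bool:
    # Two-factor means two *different* types both verified;
    # a PIN plus a password is still only Type 1.
    passed = {ftype for ftype, ok in results if ok}
    return len(passed) >= 2

# Constructed enrollment record for one account (sample values only;
# a real system uses a random per-account salt and a key held inside the card).
SALT = b"constructed-salt"
PIN_HASH = hash_secret("4821", SALT)
CARD_KEY = b"constructed-card-key-0123456789ab"

def atm_login(pin: str, challenge: bytes, response: bytes) -> bool:
    return is_two_factor([
        (FactorType.KNOW, verify_know(pin, SALT, PIN_HASH)),
        (FactorType.HAVE, verify_have(CARD_KEY, challenge, response)),
    ])

if __name__ == "__main__":
    nonce = os.urandom(16)  # fresh per attempt so an old response cannot be reused
    print(atm_login("4821", nonce, card_response(CARD_KEY, nonce)))  # card + PIN
    print(atm_login("4821", nonce, b"\x00" * 32))                    # PIN only
```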
