Imagine that you hear a knock on your door and look through the peephole to be sure who is there before any attempt to let that person in.
This check is known as Authentication.
Authentication is a process of verifying a user of an application or account. It is a system of double-checking to establish the credibility of a user trying to gain access to a computer or an account.
This exists to ensure that the real user maintains authority over specific secure systems (accounts, computers). You need to input your password before gaining access as a registered member of a platform.
Types of Authentication
1. Something You Know
This is, as the name implies, something you have in your mind: something you are cognitively aware of. The most popular use case is the password, because passwords are easy to use, set up and maintain. Another example of something you know is a PIN, which is usually made up of numerals; an example would be the PIN you set up for your ATM card. Security questions also fall into this category. These are questions you are asked when setting up an account, such as your mother's maiden name, the name of your pet, etc. You are prompted to answer your chosen security question in the event that you cannot remember your password.
2. Something You Have
This is something in your possession that is used to authenticate your identity. It can be a physical object, or a digital artifact on a computing device, that is unique to you and provides a passcode or key. Popular examples are hardware tokens, smart cards and certificate-based authentication, which identifies users, devices, or machines by means of digital certificates. A digital certificate represents your digital identity. It is an electronic document based on an existing driver's license or passport. You provide digital certificates when you attempt to sign into a server. The server subsequently verifies the credibility of the digital certificate. Other popular implementations are applications like Google Authenticator and text verification codes.
3. Something You Are
This is known as Biometric Authentication. It involves providing your unique biological characteristics to verify your identity. The provided biological characteristics, such as facial features and a thumbprint, are easily compared to the authorized features stored in the database of a network system or server. Here are common biometric methods:
- Facial recognition: You can only gain access to a server when your facial features match the facial characteristics that you have provided during registration.
- Eye scanners: Iris scanners project a bright light towards the eye and search for unique patterns in the coloured ring around the pupil of the eye. The patterns are then compared to approved information stored in a database. Eye-based authentication may suffer inaccuracies if a person wears glasses or a contact lens.
- Fingerprint scanners: These match the unique patterns on an individual's fingerprints and create a unique identity from the registered patterns. Some new versions of fingerprint scanners can even assess the vascular patterns in people's fingers. Fingerprint scanners are currently the most popular biometric technology for everyday consumers, despite their frequent inaccuracies.
- Speaker recognition: It can also be called voice biometrics. It examines your speech patterns for the formation of specific shapes and sound qualities. A voice-protected device usually relies on standardized words to identify users, just like a password.
4. Something You Do
This is an action you must perform to be authenticated. For example, in Windows you can set up a feature called Picture Password. This allows the user of the device to set up gestures and touches on a picture as a way to authenticate themselves. Another example is completing a CAPTCHA request: by selecting the right pictures or solving some puzzle, you authenticate that you are a human and not a bot.
5. Somewhere You Are
This authentication method makes use of location: if you are not in the required location, the authentication fails. One of the most common ways of implementing this is using Internet Protocol (IP) addresses. Since these addresses are location-specific, they can be used for geolocation security checks. An example of this is when an admin sets a server to only accept login requests from an IP address in a particular country.
"Something You Do" and "Somewhere You Are" are weaker forms of authentication and are rarely used standalone, but rather in combination with other methods of authentication.