Glossary
In its simplest form, authentication is the act of verifying a person's claim about his or her identity. Users can identify themselves in multiple ways, such as typing a username and password, swiping a smart card, waving a token device, or using voice recognition. Authentication rests on identification: without a proper form of identification, a system cannot authenticate a specific subject.
The proper identification of a person, application, device, or group is vital for safeguarding and maintaining the confidentiality, integrity, and availability of the company's IT infrastructure. Based on business policies, access controls can be created for authenticated users and information. Audit capabilities can be used to further help organizations make users accountable for their actions by identifying who did what, when, and where, as well as determining whether the organization complies with internal and external requirements.
The most common authentication methods include:
A frequently used form of secure authentication is two-factor authentication, a subset of multi-factor authentication. Two-factor authentication is the process in which users confirm their identities using two different authentication factors. A user is typically required to provide their password as well as a code from a text or email, a biometric factor, or a security token, also known as an authentication token. Two-factor authentication adds an extra layer of security to the authentication process because it makes it more difficult for attackers to gain unauthorised access. Unauthorised access is when someone gains access to information, a website, program, server, service, or other system without permission. Authentication is the process of verifying who you are, while authorisation is the process of verifying what you have access to.
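As an added example (not part of the original glossary), the Python below checks the two factors described above together, a password (something you know) plus an RFC 6238 time-based one-time code (something you have), and keeps authorisation as a separate decision. The user store, salt, TOTP secret and roles are constructed demo values.

```python
import base64, hashlib, hmac, struct, time
from typing import Optional

def _hash_password(password: str, salt: bytes) -> bytes:
    # Salted, memory-hard password hash; the plaintext password is never stored.
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)

# Constructed demo user store (assumption: one user, one role set).
DEMO_SALT = b"constructed-demo-salt"
DEMO_TOTP_SECRET = b"constructed-shared-secret-12345"  # key provisioned to the user's authenticator
USERS = {
    "alice": {
        "salt": DEMO_SALT,
        "pw_hash": _hash_password("correct horse battery staple", DEMO_SALT),
        "totp_secret": DEMO_TOTP_SECRET,
        "roles": {"reader"},
    },
}

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the 30-second step counter, dynamically truncated."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

def authenticate(username: str, password: str, code: str, now: Optional[int] = None) -> bool:
    """Factor 1: password (something you know). Factor 2: TOTP code (something you have).
    Both are always evaluated and compared in constant time, so a failure does not reveal
    which factor was wrong."""
    user = USERS.get(username)
    if user is None:
        return False
    now = int(time.time()) if now is None else now
    pw_ok = hmac.compare_digest(_hash_password(password, user["salt"]), user["pw_hash"])
    # Accept the current step and one step either side to tolerate small clock drift.
    candidates = [totp(user["totp_secret"], now + d * 30) for d in (-1, 0, 1)]
    code_ok = any(hmac.compare_digest(c, code) for c in candidates)
    return pw_ok and code_ok

def authorize(username: str, action: str) -> bool:
    """Authorisation is a separate question: what may this authenticated user do?"""
    required_role = {"read": "reader", "write": "editor"}.get(action)
    return required_role in USERS.get(username, {}).get("roles", set())
```

The `totp` function reproduces the RFC 6238 test vectors (secret `12345678901234567890`, time 59 gives `287082` at six digits), so it can be checked against any standard authenticator app.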