You are here: Home What Security Concepts Understanding authentication

Understanding authentication

Everybody logs into web sites. What do you do when you log in? You enter a username and password. Why do we need a password, cannot we just say 'my username is so and so'? Well, its fairly obvious that we cannot do that - as anyone can say that their username is what mine is. It means that we prove our ownership of that username by the password we provide.

And since the web site you are logging into previously gave you the password (hopefully using secure methods), it 'trusts' that it is you who is logging in. This is one way to validate that it is you indeed. The process of validating one's identity is called Authentication, in the security world.

Authentication need not be password based, there are many other techniques. In the outside world, we use visual clues (we can recognize people by looking at them), audio clues (we can recognize people by their voice), touch clues and so on. In the offices, we have identity cards that let us be recognized as a valid employee, as well as open doors. A ticket to a game is also an authentication technique, albeit less technical.

In the computer world, or more specifically in the digital world, passwords were the first technique invented for authentication. It has really survived a long period, compared to so many technologies we have seen in our lives. However, inherent weaknesses in passwords are exposing people to vulnerabilities. With more or less all of our information available in the digital world, passwords are standing out as the weak guards.

Interestingly, as we get more and more digitzed, newer, more secure, techniques are being invented. Temporary or one-time-passwords, soft or hard tokens, phone based verification, facial recognition, voice and finger print recognition, graphical passwords, pattern based techniques and so on. Now, we really have a choice, and secure alternatives to passwords, for authentication.



References



Warning: include(../../stdFooter.php): failed to open stream: No such file or directory in /opt/apache/htdocs/seqrly/docs/what/concepts/authentication.php on line 52

Warning: include(): Failed opening '../../stdFooter.php' for inclusion (include_path='.:/usr/local/lib/php') in /opt/apache/htdocs/seqrly/docs/what/concepts/authentication.php on line 52

Warning: include(../../stdScripts.php): failed to open stream: No such file or directory in /opt/apache/htdocs/seqrly/docs/what/concepts/authentication.php on line 53

Warning: include(): Failed opening '../../stdScripts.php' for inclusion (include_path='.:/usr/local/lib/php') in /opt/apache/htdocs/seqrly/docs/what/concepts/authentication.php on line 53