Authentication
Authentication is the process of verifying the identity of a user or system. It ensures that the person or entity attempting to access a system or service is who they claim to be.
- It typically involves something the user knows (password), something the user has (security token or smartphone), or something the user is (biometric data like a fingerprint or face scan).
Example: Logging into an online account by entering a username and password is a form of authentication.
Authentication Mechanisms
Authentication is the first step in securing an OS, as it verifies the identity of users or devices.
Common authentication mechanisms include:
- Password-Based Authentication
- Multi-Factor Authentication (MFA)
- Biometric Authentication
- Certificate-Based Authentication
- Token-Based Authentication
1.) Password-Based Authentication
It requires users to enter a secret password associated with their account to verify their identity. It is the most widely used authentication method and relies on something the user knows. Because the same static secret is presented on every login, it is also the weakest factor on its own: passwords are phished, guessed, and reused across sites. Systems should never store passwords in plain text or with a fast general-purpose hash; each password should be stored as a salted hash computed with a deliberately slow function (such as scrypt, bcrypt, or Argon2), so that a stolen password database cannot be reversed cheaply.
- Example: Logging into a computer or email account with a username and password.
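The following is an added example, not code from the original page, showing how a system should store and check a password: a random salt per password, a slow key-derivation function (scrypt from the Python standard library), a self-describing record so the work factor can be raised later, and a constant-time comparison. The function names, record format and work-factor values are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

# scrypt work factors. These values are an assumption chosen for illustration;
# production deployments should raise n as hardware allows.
SCRYPT_N = 2 ** 14
SCRYPT_R = 8
SCRYPT_P = 1
SALT_LEN = 16
KEY_LEN = 32


def hash_password(password: str) -> str:
    """Hash a password for storage.

    Returns a self-describing record "scrypt$n$r$p$salt$key" (hex fields) so the
    parameters can be raised later without breaking existing records.
    """
    salt = os.urandom(SALT_LEN)  # fresh random salt per password
    key = hashlib.scrypt(
        password.encode("utf-8"),
        salt=salt, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN,
    )
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${key.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the key with the stored salt and parameters and compare it
    to the stored key in constant time. Malformed records are rejected."""
    try:
        algo, n, r, p, salt_hex, key_hex = record.split("$")
        if algo != "scrypt":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(key_hex)
        if not salt or not expected:
            return False
        n, r, p = int(n), int(r), int(p)
    except ValueError:
        return False
    candidate = hashlib.scrypt(
        password.encode("utf-8"), salt=salt, n=n, r=r, p=p, dklen=len(expected),
    )
    # compare_digest does not leak how many leading bytes matched
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    stored = hash_password("correct horse battery staple")
    print(stored)
    print(verify_password("correct horse battery staple", stored))  # True
    print(verify_password("Tr0ub4dor&3", stored))                   # False
```

Because the salt is random, hashing the same password twice yields two different records; an attacker who steals the database must attack each record separately, and the slow derivation makes every guess expensive.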
2.) Multi-Factor Authentication (MFA)
It enhances security by requiring two or more forms of verification from different categories:
- Something you know (password or PIN),
- Something you have (smartphone for an OTP, or a hardware security key),
- Something you are (biometric data).
Two factors from the same category (for example, a password plus a security question) are not MFA, since both fall to the same attack. This layered approach makes unauthorized access significantly harder: an attacker who steals the password still needs the second factor. Note that OTP codes typed into a web form can still be phished in real time, whereas security keys that bind the signed response to the site's origin resist that attack.
Example: Logging into a bank account with a password and a one-time passcode sent to a mobile device.
3.) Biometric Authentication
It uses unique physical characteristics (such as fingerprints, facial geometry, or iris patterns) to verify identity, relying on something the user is. It is convenient, but a biometric is not a secret and cannot be changed if it is compromised, so well-designed systems keep the biometric template on the device and use a successful match only to unlock a locally stored credential or key, rather than transmitting the biometric itself to a server. Matching is also probabilistic, so systems must balance the false accept and false reject rates and usually keep a fallback such as a PIN.
Example: Unlocking a smartphone with a fingerprint or facial recognition.
4.) Certificate-Based Authentication
It uses digital certificates issued by a trusted certificate authority (CA) to verify the identity of users or devices. A digital certificate binds a public key to an identity (a user, hostname, or device) and carries the CA's digital signature over that binding; it is not encrypted data, and anyone can read it. The holder proves identity by demonstrating possession of the matching private key, for example by signing a challenge during the TLS handshake. The verifier must check the CA signature chain, the validity period, the intended key usage, and revocation status before trusting the certificate.
- Highly secure, especially for device authentication, because the private key can be kept in hardware (a TPM or smart card) and there is no password to phish; reduces dependency on passwords.
Example: Client certificates in TLS (mutual TLS), where the server requests a certificate from the client and verifies its signature chain before granting access.
5.) Token-Based Authentication
It relies on a token (a one-time code or a cryptographic key) as proof of identity instead of a static password. Tokens can be time-based one-time passwords (TOTP) generated by an authenticator app from a shared secret, counter-based codes (HOTP), or challenges signed by a physical device such as a USB security key. Because each code is short-lived or each signature is unique, a captured value is of little use to an attacker, which reduces reliance on static credentials. OTP codes typed into a form can still be phished in real time; security keys that bind the signed response to the site's origin resist that attack.
- Example: Entering a time-limited code generated by an app to access online services.
Authorization
Authorization is the process of determining what an authenticated user is allowed to do within a system.
- Once a user's identity has been verified, authorization defines their permissions and access levels, such as which files, applications, or resources they can use or modify. Authorization is checked at each access, not only at login, and should default to deny: a user holds only the permissions explicitly granted to them (the principle of least privilege).
Example: A bank teller may be authorized to view customer account information but not authorized to approve large transactions.
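The bank-teller example above, as an added illustration that is not part of the original page: a small role-based policy in which the authenticated identity (a Principal) carries roles, each role grants a set of permissions, unknown roles grant nothing, and the permission required to approve a transaction depends on its amount, so the check is made at the point of action. The role names, permission names and the threshold are assumptions constructed for this example.

```python
from dataclasses import dataclass

# Constructed policy for the bank example: the permissions each role grants.
# Role and permission names are assumptions for illustration.
ROLE_PERMISSIONS = {
    "teller": {"account:view", "transaction:approve:small"},
    "manager": {"account:view", "transaction:approve:small",
                "transaction:approve:large"},
}
# Assumed threshold above which a transaction counts as "large".
LARGE_TRANSACTION_LIMIT = 10_000


@dataclass(frozen=True)
class Principal:
    """The result of authentication: who the caller is and which roles they hold."""
    username: str
    roles: frozenset


class AuthorizationError(PermissionError):
    pass


def permissions_for(principal: Principal) -> set:
    """Union of the permissions granted by the principal's roles.
    Roles the policy does not know grant nothing (deny by default)."""
    perms = set()
    for role in principal.roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def is_authorized(principal: Principal, permission: str) -> bool:
    return permission in permissions_for(principal)


def required_permission(amount: int) -> str:
    """The permission needed to approve a transaction depends on its size."""
    if amount > LARGE_TRANSACTION_LIMIT:
        return "transaction:approve:large"
    return "transaction:approve:small"


def view_account(principal: Principal, account_id: str) -> dict:
    if not is_authorized(principal, "account:view"):
        raise AuthorizationError(f"{principal.username} may not view accounts")
    return {"account": account_id, "viewed_by": principal.username}


def approve_transaction(principal: Principal, amount: int) -> dict:
    """Authorization is checked here, at the point of action, not just at login."""
    needed = required_permission(amount)
    if not is_authorized(principal, needed):
        raise AuthorizationError(f"{principal.username} lacks {needed}")
    return {"approved_by": principal.username, "amount": amount}


if __name__ == "__main__":
    teller = Principal("alice", frozenset({"teller"}))
    print(view_account(teller, "ACC-1"))
    print(approve_transaction(teller, 500))
    try:
        approve_transaction(teller, 50_000)
    except AuthorizationError as err:
        print("denied:", err)
```

Authentication established that the caller is alice; authorization decides, for each action, whether alice may perform it. Keeping the two separate means a bug in the policy cannot be fixed by a stronger login, and vice versa.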