What is authentication?
- IAM Glossary
- What is authentication?
Authentication is the process that verifies a user's identity before allowing them to access network resources. It does this by requiring the user to provide their credentials, ensuring they are who they claim to be.
First, the user will attempt to access a resource. The authentication system will ask the user to provide credentials, such as a username and password. Once the user has provided this, the system will compare these credentials to the ones stored in its database or verify it through an external authentication service. If the credentials are valid, the user gains access to the system.
Authentication vs authorization: What’s the difference?
While authentication focuses on verifying a user or system's identity, authorization focuses on verifying the resources the users or systems have access to. Authentication and authorization are both fundamental components when protecting your organization from unauthorized access. Once a user undergoes the authentication process, the authorization process follows.
Both of these components are closely related and work together to ensure the security and management of an organization.
The importance of authentication
Authentication is a common cybersecurity measure due to its benefits, such as increasing an organization's security, fulfilling compliance regulations and enhancing user experience.
Increases security: Strong authentication ensures that only authorized users can access sensitive information and resources.
Meets compliance regulations: Compliance regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR) require organizations to take measures to protect data and prevent security risks. Strong authentication fulfills these guidelines by reducing the risk of data breaches through their meticulous verification process.
Enhances user experience: Implementing robust authentication methods like passwordless authentication enhances the user experience by eliminating the need for users to remember complex passwords. For example, biometric facial authentication offers a seamless experience as it just simply scans the user's face and directs them to their granted resources.
Authentication factors
Authentication factors can be divided into four categories: something you know, something you have, something you are and somewhere you are.
Something you know
Authentication factors for something you know are based on a user’s knowledge. Factors that fall under this category include a password, PIN or the answer to a security question.
Something you have
Authentication factors for something you have are based on a user’s possession. Factors that fall under this category include a virtual or physical token. An example of a virtual token is a one-time security code that is provided by an authenticator app. An example of a physical token is a smart card or hardware security key.
Something you are
A user’s biometrics are used as authentication factors for something you are. Factors that fall under this category include facial recognition, fingerprint scan, iris or retina scan.
Somewhere you are
A user’s geographic location is used as the authentication factor for somewhere you are. An individual's location can determine which network resources can be used because some applications and services may not be available in certain places.
Types of authentication
Here are the five common types of authentication methods.
Single-factor authentication (SFA)
Single-factor authentication is a simple method that requires users to provide one set of credentials for authentication. This is the most common form of authentication as it typically just asks for a username and password.
Two-Factor Authentication (2FA)
Two-factor authentication is a method that requires users to provide two separate forms of identification for verification. With 2FA enabled, users can utilize the same authentication category for both factors. For example, in addition to asking for a username and password, an authentication system will ask for another form of authentication such as an answer to a security question.
Multi-Factor Authentication (MFA)
Multi-factor authentication is a method that requires users to verify their identity with two or more authentication factors. With MFA enabled, it is required that each factor stems from a different authentication category. The purpose of multi-factor authentication is to provide extra layers of security beyond the traditional username and password. Since passwords can be easily compromised, multi-factor authentication mitigates threats by making it exponentially more difficult for cybercriminals to compromise an account since they don’t have the additional factor.
Passwordless authentication
Passwordless authentication is the process of verifying a user’s identity without them ever having to enter a traditional password. Some passwordless authentication methods include biometrics, Time-based One-Time Passwords (TOTPs), magic links and passkeys.
Single Sign-On (SSO)
Single sign-on authentication allows users to log in to multiple applications or services with one set of credentials. Single sign-on eliminates the need for users to memorize and enter every set of credentials for each application. The idea behind single sign-on is to make it easier and more efficient for users to access their resources without having to log in numerous times.