What is Authentication?
Authentication is the process of proving that a user is who they claim to be to access system resources or features. Typically, this calls for some type of proof, whether that is a physical piece of information, a secret piece of information or some other immutable form of evidence.
Note that “authentication” is not the same as “identification”. Identification is the creation and establishment of an identity within a given context, while authentication is the verification of a user through the use of that identity and associated credentials.
Authorization is a different case again: it determines which resources an already-authenticated user is permitted to access. Authentication, by contrast, is the process of verifying that a user in your network or IT systems matches a given identity. Therefore, to authenticate a user is to compare the presented credentials against an existing identity to confirm who they are before access is granted.
How Does Authentication Work?
Authentication works by collecting credentials from users that are connected to a digital identity. If those credentials match the credentials in the system, the user is authenticated and given access to the system.
With that in mind, several types of authentication credentials can be linked to accounts to determine that they are who they say they are:
- Passwords: The most common form of user verification, passwords are secret strings of characters (letters, numbers, spaces and punctuation, depending on what is allowed). The password is checked together with an identity marker (like an email or username) before access is granted.
- Tokens: Tokens can serve as a “verification” for users. Much like a ticket, a token shows different parts of your system that the user is who they say they are. Often, the user will have already provided some other form of authentication, like a password, to receive a token.
- Biometrics: Biometrics are the use of touch, fingerprints, facial recognition, voice or other forms of personal interaction to verify identity. The thinking is that these are much, much harder to steal or fake than passwords. Biometrics are quickly becoming common through mobile phones, laptops and tablets.
- Secret Codes: When a user tries to sign into your system, it can send a secret code to them via email, SMS messaging, or as a push notification through an app. These codes are refreshed over a short period of time and expire quickly.
- Secure Links: Secure links can also be sent over email or SMS text. The idea is that the user is the only person with access to these accounts, and as such should be the only one clicking the link.
What are Different “Factors” of Authentication?
With all the different authentication types available, it would seem likely that any one would work. But many of these approaches have drawbacks, whether that’s because of lack of security, poor user experience or costs. That’s why many systems use different “factors”, or combinations of types.
Essentially, authentication breaks down into three different factors:
- Knowledge factors, or things the user knows to log in. This includes passwords or PINs.
- Possession factors, which include objects or items the user has in order to authenticate, such as tokens or One-Time Passwords (OTPs) sent to mobile devices via SMS or apps.
- Inherence factors, which include aspects of the user that are unique to them, like fingerprints, iris scans or voice recognition.
While these are the most common factors, others are quickly becoming the norm. Some, like location factors (using device location information) or time factors (using system clock information), refine authentication based on the time of day or proximity to a location.
Multi-Factor Authentication vs. Two-Factor Authentication
With the factors in place, your organization can combine them into either Two-Factor Authentication (2FA) or Multi-Factor Authentication (MFA). 2FA uses exactly two factors and is therefore the more limited form; it falls under the umbrella of MFA.
In either case, using MFA means that you use multiple, specific methods of different factors to increase security and better ensure the integrity of the authentication. For example, a common form of MFA is to require the user to enter a name and password (knowledge), and then ask for a follow-up code that was auto-generated and sent via SMS (possession).
Or, to link access to more hard-to-fake credentials, the user can enter a password and link it to a facial scan through their phone’s camera.
2FA is very common for user accounts. However, many enterprise systems call for more forms of authentication, sometimes without bothering the user (for example, generating tokens after password and biometric login, or requiring a physical badge and a fingerprint scan).
In many cases, this is how machine authentication works: instead of requiring user input, the authentication system can simply take a token from an authenticated device.
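As an added example (not code from 1Kosmos or the original article), the following Python shows the two-factor flow described above in working form: a salted password hash covers the knowledge factor, and a short-lived time-based one-time code covers the possession factor, so a correct password with an expired code is rejected. The user record, password and OTP secret are constructed for the demo.

```python
import hashlib
import hmac
import os
import struct

PBKDF2_ROUNDS = 100_000  # demo value; production deployments tune this higher


def make_password_record(password: str) -> dict:
    # Store a random salt and the PBKDF2 hash, never the password itself.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "hash": digest}


def verify_password(record: dict, password: str) -> bool:
    # Knowledge factor: recompute the salted hash and compare in constant time.
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, record["hash"])


def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    # Possession factor: RFC 6238 style code derived from a shared secret and the clock.
    counter = int(now // step)
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return f"{code:0{digits}d}"


def verify_otp(secret: bytes, code: str, now: float, step: int = 30) -> bool:
    # Accept only the current and the previous 30-second window, so codes expire quickly.
    for drift in (0, -1):
        expected = totp(secret, now + drift * step, step)
        if hmac.compare_digest(expected.encode(), code.encode()):
            return True
    return False


def authenticate(user: dict, password: str, code: str, now: float) -> bool:
    # Both factors must pass; the caller learns only pass/fail, not which factor failed.
    return verify_password(user["pw"], password) and verify_otp(user["otp_secret"], code, now)


# Constructed demo user: one knowledge credential plus one possession secret.
DEMO_USER = {
    "pw": make_password_record("correct horse battery staple"),
    "otp_secret": b"constructed-demo-secret-not-real",
}
```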
What is Passwordless Authentication?
With 1Kosmos BlockID, you can implement passwordless authentication utilizing some of the most advanced technology available, including:
- Advanced Biometrics: BlockID includes non-falsifiable biometrics and encrypted data in a low-friction and contact-free environment.
- Immutable logs and data records with Blockchain Ecosystem: Our system uses Ethereum blockchain technology to ensure that event logs and information are immutable and verifiable.
- Compliance: BlockID brings employees the level of access that ensures compliance with NIST 800-63-3 guidelines for IAL and AAL2.
With 1Kosmos BlockID, you can deploy secure, reliable and integrated passwordless authentication for your entire system. To learn how, discover more on why authentication is important. Also, sign up for the email newsletter to stay up to date on 1Kosmos products and services.