Authentication is used to verify a user's identity to protect against data breaches. But how do you authenticate someone's ID? There are a number of ways.
What is an example of authentication? A common example of authentication would be a username and password someone would use when logging into a website. However, there are far more complex authentication processes, including biometrics and token authentication.
What is Authentication?
Authentication is the process of proving that a user is who they claim to be to access system resources or features. Typically, this calls for some type of proof, whether that is a physical piece of information, a secret piece of information or some other immutable form of evidence.
Note that “authentication” is not the same as “identification”. Identification is the creation and establishment of an identity within a given context, in this case a user in your network or IT systems. Authentication is the process of verifying that a user matches a given identity. Therefore, to authenticate a user is to compare credentials against existing identities to confirm access.
With that in mind, several types of authentication can be linked to accounts to determine that users are who they say they are:
- Passwords: The most common form of user verification, passwords are simply hidden patterns of alphanumeric characters (letters, numbers, spaces and punctuation, depending on what is allowed). The password is compared against an identity marker (like an email or username) before access is granted.
- Tokens: Tokens can serve as a “verification” for users. Much like a ticket, a token shows different parts of your system that the user is who they say they are. Often, the user will have already provided some other form of authentication, like a password, to receive a token.
- Biometrics: Biometrics are the use of touch, fingerprints, facial recognition, voice or other forms of personal interaction to verify identity. The thinking is that these are much, much harder to steal or fake than passwords. Biometrics are quickly becoming common through mobile phones, laptops and tablets.
- Secret Codes: When a user tries to sign into your system, it can send a secret code to them via email, SMS messaging, or as a push notification through an app. These codes are refreshed over a short period of time and expire quickly.
- Secure Links: Secure links can also be sent over email or SMS text. The idea is that the user is the only person with access to these accounts, and as such should be the only one clicking the link.
What are Different “Factors” of Authentication?
With all the different authentication types available, it would seem likely that any one would work. But many of these approaches have drawbacks, whether that’s because of lack of security, poor user experience or costs. That’s why many systems use different “factors”, or combinations of types.
Essentially, authentication breaks down into three different factors:
- Knowledge factors, or things the user knows to log in. This includes passwords or PINs.
- Possession, which includes objects or items that the user has and uses to authenticate. This includes tokens or codes sent to mobile devices via SMS or apps.
- Inherence, which includes aspects of the user that are unique to them, like fingerprints, iris scans or voice recognition.
With the factors in place, your organization can then combine these into either Two-Factor Authentication (2FA) or Multi-Factor Authentication (MFA). 2FA is the more specific term, and it essentially falls under the umbrella of MFA.
In either case, using MFA means that you use multiple, specific methods of different factors to increase security and better ensure the integrity of the authentication. For example, a common form of MFA is to require the user to enter a name and password (knowledge), and then ask for a follow-up code that was auto-generated and sent via SMS (possession).
Or, to tie access to credentials that are harder to fake, the user can enter a password and pair it with a facial scan through their phone’s camera.
2FA is very common for user accounts. However, many enterprise systems call for more forms of authentication, sometimes without bothering the user (for example, generating tokens after password and biometric login, or requiring a physical badge and a fingerprint scan).
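The password-plus-code flow described above, sketched as an added example (not code from the original article or from any product it mentions). The names TwoStepLogin and CODE_TTL, the 5-minute code lifetime and the PBKDF2 parameters are assumptions; delivering the code by SMS or app is left to the caller.

```python
import hashlib, hmac, os, secrets, time

CODE_TTL = 300  # seconds; assumed lifetime of the short-lived code

# Factor category of each method named in the article.
FACTOR = {"password": "knowledge", "pin": "knowledge",
          "token": "possession", "sms_code": "possession",
          "fingerprint": "inherence", "iris_scan": "inherence", "voice": "inherence"}

def is_multi_factor(methods):
    """True only when the methods span at least two different factors."""
    return len({FACTOR[m] for m in methods}) >= 2

def hash_password(password, salt=None):
    """Salted, slow hash so stored credentials are costly to brute-force."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

class TwoStepLogin:
    def __init__(self):
        self.users = {}    # username -> (salt, password hash)
        self.pending = {}  # username -> (code, expiry time)

    def enroll(self, user, password):
        self.users[user] = hash_password(password)

    def start(self, user, password, now=None):
        """Step 1 (knowledge): check the password, return a code to send out of band."""
        now = time.time() if now is None else now
        # Unknown users still go through the hash, so timing does not reveal them.
        salt, stored = self.users.get(user, (b"\0" * 16, b""))
        _, candidate = hash_password(password, salt)
        if not hmac.compare_digest(candidate, stored):
            return None
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[user] = (code, now + CODE_TTL)
        return code

    def finish(self, user, code, now=None):
        """Step 2 (possession): the code must match and be unexpired."""
        now = time.time() if now is None else now
        # pop() makes the code single use: a wrong guess or a replay burns it.
        expected, expiry = self.pending.pop(user, ("", 0))
        return now < expiry and hmac.compare_digest(code.encode(), expected.encode())
```

Here is_multi_factor(["password", "pin"]) is false because both methods are knowledge factors, which is the distinction between using two methods and using two factors.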
What is Passwordless Authentication?
With 1Kosmos BlockID, you can implement passwordless authentication utilizing some of the most advanced technology available, including:
- Advanced Biometrics: BlockID includes non-falsifiable biometrics and encrypted data in a low-friction and contact-free environment.
- Immutable logs and data records with Blockchain Ecosystem: Our system uses Ethereum blockchain technology to ensure that event logs and information are immutable and verifiable.
- Compliance: BlockID brings employees the level of access that ensures compliance with NIST 800-63-3 guidelines for IAL and AAL2.
With 1Kosmos BlockID, you can deploy secure, reliable and integrated passwordless authentication for your entire system.