Chapter 11. Passwords and Other Authentication Mechanisms: The Last Line of Defense
This chapter is about passwords, but more than that, it is about authentication systems. Authentication is one of the three fundamental features of a secure (more correctly, a "securable") operating system. The other two components are authorization and auditing. Authentication is often confused with identification, the process of identifying a user. Authentication is the process of validating that identification for the purpose of gaining access to a system, network, application, or database. Authorization is the process of verifying whether the authenticated user is allowed to perform the requested action. Authorization is primarily the topic of Chapter 17, "Data-Protection Mechanism." Auditing, the process by which you track what users do on the system, is closely related to authorization and is dealt with in the same chapter.

In this chapter, we talk about passwords, and mostly about how they work on Windows. Many of the concepts also apply to other operating systems, but because Windows is the most widely used platform, and the one the authors work with every day, we focus on that one.