Chapter 2. Authentication Technologies

Everywhere you go, you are constantly identifying and authenticating whomever you see. For example, the way you would identify a friend in a crowded mall is to look for familiar features. Is the person male or female ? What color is his/her hair? Is he/she short or tall? Is he/she wearing a familiar piece of clothing? When your friend sees you looking at him/her, that friend may respond by greeting you by name . By using your previous knowledge, you have authenticated that person as your friend. Can we be assured that we have the right person? Probably not 100%, but we have mitigated the risks and come to an acceptable level of comfort with his/her identity.

The above scenario is very similar to what a computer system goes through when a user wants access. Computers should be only accessed by legitimate users. To know if a user is legitimate or not, the computer is supplied with a username and a method of authentication. The most common way to identify a user is through a username or identification (ID). These often take the following forms: last name, last name with first initial, employee ID, or a fully distinguished x.500 identifier. How a user authenticates depends on the authentication methods available.

There are three main ways to authenticate an identity:

1. Something you know, like a password or pass phrase

2. Something you have, like a token

3. Something you are, a measurable trait

These are often referred to as the three pillars of authentication . They can be used separately or combined for even stronger authentication. Let's look at each in further detail.