Also found in: Dictionary, Thesaurus, Medical, Legal, Financial, Acronyms, Wikipedia.
Related to authentication: Authentification


Security measure designed to protect a communications system against fraudulent transmissions and establish the authenticity of a message.


The verification of the identity of a person or process. In a communication system, authentication verifies that messages really come from their stated source, like the signature on a (paper) letter. The most common form of authentication is typing a user name (which may be widely known or easily guessable) and a corresponding password that is presumed to be known only to the individual being authenticated. Another form of authentication is biometrics.


(1) Verifying the integrity of a transmitted message. See message integrity, e-mail authentication and MAC.

(2) Verifying the identity of a user logging into a network. Passwords, digital certificates, smart cards and biometrics can be used to prove the identity of the client to the network. Passwords and digital certificates can also be used to identify the network to the client. The latter is important in wireless networks to ensure that the desired network is being accessed. See identity management, identity metasystem, OpenID, human authentication, challenge/response, two-factor authentication, password, digital signature, IP spoofing, biometrics and CAPTCHA.

Four Levels of Proof

There are four levels of proof that people are indeed who they say they are. None of them are entirely foolproof, but in order of least to most secure, they are:

1 - What You Know
Passwords are widely used to identify a user, but only verify that somebody knows the password.

2 - What You Have
Digital certificates in the user's computer add more security than a password, and smart cards verify that users have a physical token in their possession, but both laptops and smart cards can be stolen.

3 - What You Are
Biometrics such as fingerprints and iris recognition are more difficult to forge, but you have seen such systems fooled in the movies all the time!

4 - What You Do
Dynamic biometrics such as hand writing a signature and voice recognition are the most secure; however, replay attacks can fool the system.
References in periodicals archive ?
Naka city chose to adopt Fujitsu's contactless palm vein authentication technology for use in its new public library in view of offering convenience and safety to library users.
TACS helps prevent credential theft and the use of stolen credentials by using multi-part credentials and matching authentication strength to risk for different user groups.
Presently, Hitachi's finger vein authentication system business generates sales of several billions of yen, including related systems.
What specific risks can FIs address with the Evolving Authentication Platform?
CRYPTOCard has seen a marked escalation in demand for its cost-effective two-factor authentication over the past year, and Gary's depth of experience in sales and marketing, combined with his global knowledge of the systems integration market, make him the ideal candidate to drive CRYPTOCard's international Partnerships and Alliances to new levels.
E-mail authentication protects both end-user recipients and e-mail administrators.
Kerberos and LDAP also figure in the emerging Public Key Infrastructure (PKI) method of user authentication, which uses encrypted "certificates" to vouch for properly identified network users.
By securing the log-in process with the Authenex system, we can deliver a network authentication solution for mid-size enterprises that is safe, easy and effective, and offers IT managers superior control over their firm's Internet access.
The launch of the calculation is done by entering a Pin code on a cellphone keypad, which constitutes, with the OTP, the second factor of authentication.
DH-CHAP: Diffie-Hellman Challenge Handshake Authentication Protocol
Arcot's authentication solution, WebFort, enhances the protection for information cards that reside on the user's desktop, by adding a portable, multi-factor authentication layer.

Full browser ?