Also found in: Dictionary, Thesaurus, Medical, Legal, Financial, Acronyms, Wikipedia.
Related to authentication: Authentification
Security measure designed to protect a communications system against fraudulent transmissions and establish the authenticity of a message.
The verification of the identity of a person or process. In a communication system, authentication verifies that messages really come from their stated source, like the signature on a (paper) letter. The most common form of authentication is typing a user name (which may be widely known or easily guessable) and a corresponding password that is presumed to be known only to the individual being authenticated. Another form of authentication is biometrics.
authentication(1) Verifying the integrity of a transmitted message. See message integrity, email authentication and MAC.
(2) Verifying the identity of a user logging into a network or computer. Passwords, digital certificates, smart cards and biometrics can be used to prove user identity (see below). Digital certificates can also be used to identify the network to the client. See digital certificate, identity management, identity metasystem, OpenID, human authentication, challenge/response, IP spoofing and CAPTCHA.
Four Levels of Proof
The four levels of proof follow in order of least secure to most secure. None of them are entirely foolproof, which is why two methods are widely used (see two-factor authentication).
1 - What You Know
Passwords only verify that somebody knows the correct combination of characters. The answer to a security question such as "what is the name of your grandmother?" is in the same category. Although more personal, almost any data can be researched on the Web. See password.
2 - What You Have
A private cryptographic key in the computer is far more secure than a password, and authentication tokens, such as a USB key, verify that there is a physical item in the user's possession. However, computers and USB tokens can be stolen. See challenge/response, digital signature, public key cryptography and authentication token.
3 - What You Are
Biometrics such as fingerprint and iris recognition are more difficult to forge, but these systems can be fooled. See biometrics.
4 - What You Do
Dynamic biometrics such as hand writing a signature and speaking a particular phrase are the most secure; however, replay attacks can fool the system.