Authentication is the process by which a claimant presents credentials that are validated before access is granted. There are several methods of authentication. Passwords are the most common and are usually paired with a user identifier (user ID). Tokens and certificates are often used in place of passwords, or alongside them, to provide a higher level of assurance. Tokens can hold unique identifiers such as digital signatures or cryptographic keys, and some can also store biometric data, for example a fingerprint template.
Authentication factors can be combined in several ways. Higher levels of assurance are generally associated with requiring more factors (multifactor authentication); for example, two-factor authentication might require both a token and a password. Kerberos is an authentication protocol built on two components: a ticket, issued by a key distribution service, that proves the user's identity to other services, and a long-term key derived from the user's password, which the client uses to decrypt the initial ticket exchange. Another scheme is the Challenge-Handshake Authentication Protocol (CHAP), in which the server sends a random challenge and the client answers with a hash computed over the challenge and the user's password, so the password itself never crosses the wire.
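The CHAP exchange described above, worked through as an added example that is not part of the original page: both sides are simulated in one script, following the response formula of RFC 1994 (MD5 over the one-octet identifier, the shared secret and the challenge). The peer name "alice", the secrets and the attacker's guess are constructed sample data, and the class and function names are the example's own, not a library API.

```python
import hashlib
import hmac
import os

# CHAP per RFC 1994, section 4: Response Value = MD5(Identifier || secret || Challenge).
# The Identifier is one octet that ties a response to the challenge it answers.
def chap_response(identifier, secret, challenge):
    if not 0 <= identifier <= 255:
        raise ValueError("CHAP identifier is a single octet")
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server side (the 'authenticator' in RFC 1994).

    Note the protocol's structural weakness: to recompute the hash the
    authenticator must keep each peer's secret in cleartext (or reversibly
    encrypted), so a leak of its database exposes every password.
    """

    def __init__(self, secrets):
        self._secrets = secrets      # name -> cleartext secret (constructed sample data)
        self._pending = {}           # identifier -> outstanding challenge
        self._next_id = 0

    def challenge(self):
        """Issue a fresh, unpredictable challenge and remember it under a new identifier."""
        identifier = self._next_id
        self._next_id = (self._next_id + 1) % 256
        chal = os.urandom(16)
        self._pending[identifier] = chal
        return identifier, chal

    def verify(self, identifier, name, response):
        """Check a Response packet. Each challenge is consumed on first use, so a
        captured response cannot simply be replayed against the same challenge."""
        chal = self._pending.pop(identifier, None)
        secret = self._secrets.get(name)
        if chal is None or secret is None:
            return False
        expected = chap_response(identifier, secret, chal)
        return hmac.compare_digest(expected, response)   # constant-time comparison


class ChapPeer:
    """Client side (the 'peer'): knows its name and secret, never sends the secret."""

    def __init__(self, name, secret):
        self.name = name
        self._secret = secret

    def respond(self, identifier, challenge):
        return self.name, chap_response(identifier, self._secret, challenge)


def run_exchange():
    """Drive one legitimate login, one replay, and one wrong-password attempt.
    Returns (genuine_ok, replay_ok, wrong_secret_ok)."""
    server = ChapAuthenticator({"alice": b"correct horse battery staple"})  # constructed sample
    alice = ChapPeer("alice", b"correct horse battery staple")
    mallory = ChapPeer("alice", b"password1")        # attacker guessing alice's secret

    # 1. Challenge -> Response -> Success for the real peer.
    ident, chal = server.challenge()
    name, resp = alice.respond(ident, chal)
    genuine_ok = server.verify(ident, name, resp)

    # 2. Replaying the same (identifier, response) pair: the challenge was consumed.
    replay_ok = server.verify(ident, name, resp)

    # 3. A fresh challenge answered with the wrong secret.
    ident2, chal2 = server.challenge()
    name2, resp2 = mallory.respond(ident2, chal2)
    wrong_secret_ok = server.verify(ident2, name2, resp2)

    return genuine_ok, replay_ok, wrong_secret_ok


if __name__ == "__main__":
    print(run_exchange())   # (True, False, False)
```

The one-use challenge and constant-time comparison are what make the server side safe against replay and timing leaks, but two limits of CHAP remain visible here: the authenticator needs the cleartext secret, and anyone who captures an identifier, challenge and response can test password guesses offline against that triple. That is why CHAP is confined to links that are otherwise protected and is superseded in practice by EAP methods that run inside TLS.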
Resources
Required
- NIST Special Publication 800-57 Part 1
- How to Authenticate Users with API Keys
- Has the Time Come to Kill the Password?
- Key Management Cheat Sheet
- User Authentication with OAuth 2.0
- Centralized Authentication Using OpenLDAP
- Message Authentication Codes
Recommended
- Production Best Practices: Security
- Broken Authentication and Session Management
- Message Authentication and Source Privacy in Wireless Networks
- Biometrics
- Security How-To: WPA2-Enterprise on Your Home Network
- Protecting Your System: User Access Security
- Authentication
- Toward Secure and Dependable Message Authentication in WSN
- OWASP Top 10 for .NET Developers Part 3: Broken Authentication and Session Management
- Activity: Message Authentication
- Authentication Summary
- Multifactor Authentication Overview
- Authentication and Information Assurance