The credentials a user presents for identification are only claims, so there must be a system for validating them. Authentication is the process of confirming the identity of a person, referred to in the network as a user. To access particular information, many websites require the user to provide a registered username and password. This is a simple authentication process that prevents non-registered users from accessing the information. Other credentials include digital certificates and documents.
Levels of Authentication
Depending on how many levels are established in the process, authentication can be divided into three types: one-factor, two-factor and three-factor authentication.
- One-factor authentication: This type of authentication involves the use of just one kind of detail gathered from the user. This detail is usually the username and password which were provided by the network administrator at the time of registration. The user will be granted access to the network only if the username and password he provides match.
- Two-factor authentication: Here, authentication is taken to a new level by also including an authentication device provided to the user at the time of registration (e.g. a credit card, mobile phone or dongle). The user will be granted access to the network only if he is first recognized by the device. Upon clearing this first step, he must provide a correct password.
- Three-factor authentication: For high-security systems where sensitive information is protected, two-factor authentication may not be sufficient. There is a need for another level of authentication which gives the user a high degree of authority and control. Hence, the user should clear the third step of authentication by providing his fingerprint or an eye scan. Access will be granted only if the scan data match the records.
Authentication and Authorization
Authentication is different from authorization in the following ways.
- The information gathered in the process of authentication is used by the server to find out the identity of the person attempting to access information. Authorization, by contrast, is where the server finds out whether the user is permitted to use the data or information.
- A username and password are a must in the process of authentication, whereas a password is not necessarily required for authorization.
- Authorization can be combined with the process of authentication in order to strengthen the security of a network. It also helps the server to determine the correct identity of the user.
- Some files and resources may require no authorization; they are open for anybody to use. Such data fall especially under the public domain. The need for authentication in such systems may vary.
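The separation described in the list above, as an added example that is not part of the original article: `authenticate` answers who the user is, `authorize` answers whether that identity may use a resource, and a public resource needs neither a username nor a password. The user names, passwords, resource paths, access list and PBKDF2 iteration count are all constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor (assumed value for this example)

def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a storable verifier so the plaintext password is never kept."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def register(users: dict, username: str, password: str) -> None:
    salt = os.urandom(16)
    users[username] = (salt, hash_password(password, salt))

# Constructed sample data: two registered users and three resources.
USERS: dict = {}
register(USERS, "alice", "correct horse battery")
register(USERS, "bob", "tr0ub4dor&3")

PUBLIC = object()  # marker: resource is open to anybody
ACL = {
    "/public/readme.txt": PUBLIC,
    "/reports/q3.pdf": {"alice", "bob"},
    "/admin/users.db": {"alice"},
}

_DUMMY_SALT = os.urandom(16)
_DUMMY = (_DUMMY_SALT, hash_password("dummy", _DUMMY_SALT))

def authenticate(username: str, password: str):
    """Authentication: who is this? Returns the identity, or None."""
    # Unknown users are checked against a dummy record so they cost the same time.
    salt, stored = USERS.get(username, _DUMMY)
    ok = hmac.compare_digest(hash_password(password, salt), stored)
    return username if ok and username in USERS else None

def authorize(identity, resource: str) -> bool:
    """Authorization: may this identity use the resource? Deny by default."""
    allowed = ACL.get(resource)
    if allowed is None:
        return False  # unlisted resource
    if allowed is PUBLIC:
        return True  # no identity needed
    return identity is not None and identity in allowed

def access(username, password, resource: str) -> bool:
    identity = authenticate(username, password) if username else None
    return authorize(identity, resource)
```

A correct password only establishes identity: `bob` authenticates successfully yet is still refused `/admin/users.db`, because the access list, not the password, decides what he may use.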