Authentication is the process of confirming a user's identity. It keeps invalid users out of databases, networks, and other resources. Authentication methods rely on factors, categories of credential used for verification, to confirm who a user is.
Types of authentication

i. Single-Factor/Primary Authentication

The most common form of authentication, Single-Factor Authentication, is also the least secure, as it requires only one factor to gain full system access. That factor could be a username and password, a PIN, or another simple code. While user-friendly, single-factor authenticated systems are relatively easy to infiltrate by phishing, keylogging, or mere guessing.
ii. Two-Factor Authentication (2FA)

Two-factor authentication reinforces security efforts. It is an added layer that double-checks that a user really is the user they are attempting to log in as, which makes the account much harder to break into.

With this method, users enter their primary authentication credentials (like the username/password mentioned above) and then must input a secondary piece of identifying information.

Possible secondary factors are a one-time password from an authenticator app, a phone number or device that can receive a push notification or SMS code, or a biometric such as fingerprint (Touch ID), facial (Face ID), or voice recognition.
iii. Multi-Factor Authentication (MFA)

Multi-factor authentication is a high-assurance method, as it uses more factors that are independent of the system itself to legitimize users. Like 2FA, MFA uses factors like biometrics, device-based confirmation, additional passwords, and even location- or behavior-based information (e.g., keystroke pattern or typing speed) to confirm user identity. The difference is that while 2FA always uses exactly two factors, MFA could use two or three, with the ability to vary them between sessions, adding an elusive element for invalid users.
Authentication protocols

Authentication protocols are the designated rules for interaction and verification that endpoints (laptops, desktops, phones, servers, etc.) or systems use to communicate. Selecting the right authentication protocol for an organization is essential for ensuring secure operations.
i. Password Authentication Protocol (PAP)

PAP is the least secure protocol for validating users, due mostly to its lack of encryption. It is essentially a routine login process: the client sends a username and password combination to a given system, which validates the provided credentials.
ii. Challenge Handshake Authentication Protocol (CHAP)

CHAP is an identity verification protocol that verifies a user to a given network with a higher standard of protection than PAP, using a three-way exchange based on a shared "secret".

First, the local router sends a "challenge" to the remote host, which then sends a response computed with the MD5 hash function. The router compares this against its expected response (hash value) and, depending on whether it determines a match, either establishes an authenticated connection, the "handshake", or denies access.

It is inherently more secure than PAP, as the router can send a challenge at any point during a session, whereas PAP only operates on the initial authentication approval.
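The three-way exchange described above, as an added illustration rather than code from the original post: a minimal Python model of RFC 1994 CHAP in which the authenticator (router) issues a random challenge, the peer (remote host) answers with MD5 over the identifier, the shared secret and the challenge, and the authenticator recomputes the value and compares it. The shared secret, the peer name and the `rechallenges` count are constructed for this example; the session loop demonstrates the property the text highlights, that the router can challenge again at any point after the initial handshake.

```python
import hashlib
import hmac
import os

# Constructed demo secret, provisioned out of band on both peers; CHAP never sends it on the wire.
SHARED_SECRET = b"demo-chap-secret"


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5 over Identifier || secret || Challenge.
    MD5 is what the CHAP specification mandates; it is used here for fidelity to
    the protocol, not as a recommendation for new designs."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class Authenticator:
    """The router side: issues random challenges, checks responses, may re-challenge mid-session."""

    def __init__(self, secrets: dict):
        self.secrets = secrets   # peer name -> shared secret
        self.pending = {}        # identifier -> outstanding challenge
        self.next_id = 0

    def challenge(self):
        """Step 1: send a fresh, unpredictable challenge tagged with an 8-bit identifier."""
        ident = self.next_id
        self.next_id = (self.next_id + 1) % 256
        chal = os.urandom(16)
        self.pending[ident] = chal
        return ident, chal

    def check(self, ident: int, name: str, response: bytes) -> bool:
        """Step 3: recompute the expected hash and compare it in constant time.
        Each challenge is consumed on first use, so a captured response cannot be replayed."""
        chal = self.pending.pop(ident, None)
        secret = self.secrets.get(name)
        if chal is None or secret is None:
            return False
        return hmac.compare_digest(chap_response(ident, secret, chal), response)


class Peer:
    """The remote host: proves knowledge of the secret without transmitting it."""

    def __init__(self, name: str, secret: bytes):
        self.name = name
        self.secret = secret

    def answer(self, ident: int, chal: bytes):
        """Step 2: hash the challenge together with the secret and return name + response."""
        return self.name, chap_response(ident, self.secret, chal)


def run_session(peer: Peer, authenticator: Authenticator, rechallenges: int = 2) -> list:
    """Initial handshake followed by `rechallenges` mid-session challenges; one verdict per round."""
    verdicts = []
    for _ in range(1 + rechallenges):
        ident, chal = authenticator.challenge()
        name, resp = peer.answer(ident, chal)
        verdicts.append(authenticator.check(ident, name, resp))
    return verdicts


if __name__ == "__main__":
    auth = Authenticator({"remote-host": SHARED_SECRET})
    print("genuine peer:", run_session(Peer("remote-host", SHARED_SECRET), auth))
    print("wrong secret:", run_session(Peer("remote-host", b"guess"), auth, rechallenges=0))
```

Because the challenge is random and consumed once, an observer who records a valid response gains nothing: the next challenge produces a different expected hash. This is the contrast with PAP, where the recorded credential itself is the reusable secret.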
iii. Extensible Authentication Protocol (EAP)

This protocol supports many types of authentication, from one-time passwords to smart cards. When used for wireless communications, EAP is the highest level of security, as it allows a given access point and remote device to perform mutual authentication with built-in encryption. It connects users to the access point, which requests credentials, confirms identity via an authentication server, and then makes another request for an additional form of user identification, again confirmed via the server, completing the process with all messages encrypted in transit.