AUTH

AUTH is shorthand for authentication in computing, the process of verifying the identity of a user, device, or entity requesting access. It is distinct from authorization, which determines what an authenticated entity is allowed to do. Together, authentication and authorization form the core of access control in computer systems.

Credentials used for authentication vary and may involve something the user knows (password or PIN), something the user has (security token, smart card), or something the user is (biometric data). Modern systems commonly combine factors in multi-factor authentication. In addition, passwordless approaches such as WebAuthn/FIDO2 rely on cryptographic assertions rather than passwords, and short-lived tokens are often issued after a successful authentication.

Many standards and protocols support authentication in different contexts. OpenID Connect and OAuth 2.0 facilitate user authentication and identity in web applications, while SAML is used for enterprise federation. Kerberos and LDAP provide centralized authentication in corporate networks. HTTP defines authentication schemes such as Basic, Digest, and Bearer tokens in the Authorization header; FTP-based systems may use the AUTH command to negotiate TLS for secure transmission.

Security best practices for AUTH include storing password hashes with a salt using a strong, slow hash function, enabling MFA, and enforcing strong password policies. Tokens should have limited lifetimes and mechanisms for revocation should exist. Sessions should be protected against interception, replay, and impersonation, and continuous monitoring and auditing should be employed.

See also: Authentication, Authorization, Identity management, Access control.
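
The password-storage and token advice in the best-practices text, as an added example that is not part of the original page: salted PBKDF2-HMAC-SHA256 hashing with constant-time verification, followed by a short-lived HMAC-signed token with a revocation list. The choice of PBKDF2, the iteration count, the function names, the token layout and the in-memory revocation set are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

ITERATIONS = 600_000                 # assumed work factor; tune to your hardware
TOKEN_KEY = secrets.token_bytes(32)  # server-side signing key, constructed per run
REVOKED = set()                      # revoked token ids (stand-in for a shared store)

def _kdf(password, salt):
    # Deliberately slow key derivation so offline guessing is expensive.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def hash_password(password):
    """Return 'salt$hash' (hex) using a fresh random salt for every password."""
    salt = secrets.token_bytes(16)
    return salt.hex() + "$" + _kdf(password, salt).hex()

def verify_password(password, stored):
    salt_hex, digest_hex = stored.split("$")
    candidate = _kdf(password, bytes.fromhex(salt_hex))
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

def _sign(body):
    return hmac.new(TOKEN_KEY, body, hashlib.sha256).hexdigest().encode()

def issue_token(user, ttl=300, now=None):
    """Issue a token that expires ttl seconds after 'now'."""
    now = time.time() if now is None else now
    claims = {"sub": user, "exp": now + ttl, "jti": secrets.token_hex(8)}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    return (body + b"." + _sign(body)).decode()

def check_token(token, now=None):
    """Return the subject if the token is authentic, unexpired and not revoked."""
    now = time.time() if now is None else now
    body, _, sig = token.partition(".")
    # Verify the signature before parsing anything the client controls.
    if not hmac.compare_digest(_sign(body.encode()), sig.encode()):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body))
    if now >= claims["exp"] or claims["jti"] in REVOKED:
        return None
    return claims["sub"]

def revoke(token):
    """Add the token's id to the revocation list (e.g. on logout)."""
    body = token.partition(".")[0]
    REVOKED.add(json.loads(base64.urlsafe_b64decode(body))["jti"])
```

In a multi-server deployment the revocation set would live in a shared store, and entries can be dropped once the token's expiry time has passed.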