
Authenticating

Authenticating, or authentication, is the process of establishing the claimed identity of a user, device, or service attempting to access a resource. It answers the question: are you who you say you are? Authentication complements authorization and accounting in access control.

Authenticators are classified by factors: something you know (passwords, PINs), something you have (security tokens, smart cards, mobile devices), and something you are (biometrics). Many systems use multi-factor authentication, combining two or more factors to increase security. Some approaches also consider where the user is or how the access request is made as contextual factors.

Common methods and technologies include passwords, one-time codes, hardware tokens, cryptographic keys, and digital certificates. Biometric verification is increasingly used. Modern web and enterprise systems employ protocols such as TLS with mutual authentication, and identity frameworks like OAuth 2.0, OpenID Connect, and SAML for federated authentication.

Security practices include protecting credentials at rest and in transit, applying multi-factor methods, and using secure session management. While biometrics improve convenience, they raise privacy and revocation issues. Ongoing risk-based checks and user education help mitigate phishing and credential theft.