Authentication refers to the process of identifying an individual, usually based on a username, password, and some type of additional verification. Authentication confirms that an individual is who they claim to be, which prevents unauthorized access to a program, system, network, or device, but does not affect the access rights of the individual. In security systems, authentication is distinct from authorization, the process of admitting individuals to system objects based on their identity.
Authentication layers
Authentication typically consists of one of the following variables or some combination:
- Knowledge: something you know, which is generally an email address, ID number, or username and password, although it can also include custom security questions and CAPTCHA verification
- Possession: something you have, which could be an email verification link, one-time password (OTP), identification badge, keycard, or browser cookie
- Inherence: something you are, including biometrics such as retinal scans, fingerprints, voice recognition, or facial recognition
Any combination of these variables creates a multi-factor authentication process, which sometimes requires user participation but can also be done discreetly, as in the case of cookie authentication. Authentication occurs most times a user attempts to access a program, network, device, etc., except in the case of guest access and automatic login.
Basic authentication compares a variable from the user with what is stored in the system being accessed. In the case of username and password, for example, the credentials a user enters at login will be cross-referenced with a database of stored usernames and corresponding passwords. If both credentials match, the user will be granted access. If one or both credentials are invalid, an error message will be returned (although different scenarios may return different messages). In particularly sensitive or high-risk login situations, too many unsuccessful authentication attempts may cause account lockout, where a user must take extra steps to authenticate their identity.
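The login check and lockout described above, as an added example that is not part of the original page. It assumes the system stores a salted PBKDF2 hash rather than the password itself, returns one message for any invalid credential, and locks after three failures; CredentialStore, unlock, MAX_FAILURES and ITERATIONS are hypothetical names and values chosen for illustration.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 3      # assumed lockout threshold
ITERATIONS = 200_000  # assumed PBKDF2 work factor

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class CredentialStore:
    def __init__(self):
        self._users = {}     # username -> (salt, password hash)
        self._failures = {}  # username -> consecutive failed attempts
        # Dummy record so unknown usernames cost the same work as known ones.
        salt = os.urandom(16)
        self._dummy = (salt, hash_password("placeholder", salt))

    def register(self, username, password):
        salt = os.urandom(16)
        self._users[username] = (salt, hash_password(password, salt))

    def unlock(self, username):
        # Stand-in for the extra identity check a locked-out user completes.
        self._failures.pop(username, None)

    def login(self, username, password):
        if self._failures.get(username, 0) >= MAX_FAILURES:
            return "locked"
        salt, stored = self._users.get(username, self._dummy)
        # Constant-time comparison of the derived hash with the stored one.
        match = hmac.compare_digest(hash_password(password, salt), stored)
        if match and username in self._users:
            self._failures.pop(username, None)
            return "ok"
        # Same message for a wrong username and a wrong password.
        self._failures[username] = self._failures.get(username, 0) + 1
        return "invalid credentials"

if __name__ == "__main__":
    store = CredentialStore()
    store.register("alice", "correct horse")  # constructed sample account
    for attempt in ["correct horse", "guess1", "guess2", "guess3", "correct horse"]:
        print(attempt, "->", store.login("alice", attempt))
```

Once the account is locked, even the correct password is refused until unlock() is called, which is the point at which a real system would require the extra verification step.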