Authentication Explained with Examples
Authentication is the process by which users and computers identify themselves on the network to access resources. This tutorial explains the authentication types, methods, and factors in detail.
Authentication Factors
Authentication factors define the things you use to authenticate yourself. There are three types of authentication factors. These are something you know, something you have, and something you are.
Something you know
This authentication factor requires a secret keyword, such as a PIN or password, known only by the authorized user. The user uses his secret password to authenticate himself.
Something you have
This authentication factor requires a physical thing that only the authorized user has. The user uses the thing to authenticate himself or receive an authentication code. For example, he can use a swipe card or a physical token to enter a building. Receiving an OTP on a mobile phone is another example of this factor.
Something you are
This authentication factor requires a unique property that the user possesses. All users have some unique biometric parameters, such as fingerprints and retinas. This factor uses these parameters to authenticate users. It is considered the most secure method of authentication.
Authentication factor scheme
Based on how many authentication factors a user uses, we can classify authentication schemes into the following three types.
Single-factor authentication scheme
Single-factor authentication uses only one authentication factor. For example, a website that requires users to enter only a username and password (something you know) uses single-factor authentication. It is the most convenient but the least secure of the three authentication schemes.
Two-factor authentication scheme
Two-factor authentication uses two authentication factors. For example, a bank debit card (something you have) needs a PIN (something you know) to complete a transaction or withdraw money from an ATM. Two-factor authentication stands at a moderate level in both simplicity and security. The following are examples of a two-factor authentication scheme.
Using a smart card with a PIN
You use a card (something you have) as the first level of authentication and then use a PIN (something you know) as the second level of authentication.
Using a password with biometrics
You enter the login username and password as the level one authentication, and then use biometrics as the second level of authentication.
Using a password with an OTP
You enter the login username and password as the level one authentication, and then receive a temporary password, called an OTP, on your mobile as the second level of authentication.
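The password-plus-OTP flow above, sketched as a server-side check. This is an added example, not code from the original tutorial; the class name, the 120-second validity window, the three-attempt limit, and the PBKDF2 settings are assumptions, and returning the OTP from start_login stands in for sending it to the user's phone.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 120  # assumed validity window for an issued OTP
MAX_OTP_ATTEMPTS = 3   # assumed number of guesses allowed per OTP


def hash_password(password: str, salt: bytes) -> bytes:
    # Store a salted, deliberately slow hash instead of the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class TwoFactorLogin:
    def __init__(self):
        self.users = {}    # username -> (salt, password_hash)
        self.pending = {}  # username -> [otp, expires_at, attempts_left]

    def register(self, username, password):
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, hash_password(password, salt))

    def start_login(self, username, password, now=None):
        """Level one (something you know): check the password, then issue an OTP."""
        now = time.time() if now is None else now
        # Unknown users still pay for one hash, so timing does not reveal valid names.
        salt, stored = self.users.get(username, (bytes(16), b""))
        if not hmac.compare_digest(stored, hash_password(password, salt)):
            return None
        otp = f"{secrets.randbelow(10**6):06d}"
        self.pending[username] = [otp, now + OTP_TTL_SECONDS, MAX_OTP_ATTEMPTS]
        return otp  # delivered out-of-band to the phone, never back to the login page

    def finish_login(self, username, otp, now=None):
        """Level two (something you have): OTP must match, be unexpired, be unused."""
        now = time.time() if now is None else now
        entry = self.pending.get(username)
        if entry is None:
            return False
        expected, expires_at, attempts = entry
        if now > expires_at or attempts <= 0:
            del self.pending[username]
            return False
        entry[2] -= 1
        if hmac.compare_digest(expected.encode(), otp.encode()):
            del self.pending[username]  # single use: a replayed OTP is rejected
            return True
        return False
```

The expiry, attempt limit, and single-use deletion are what keep a six-digit code from being guessed or replayed.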
Three-factor authentication scheme
Three-factor authentication uses all three authentication factors. Sometimes, it is also called multifactor authentication. It is the most secure but the least convenient authentication scheme. An example of three-factor authentication is when you need to perform a thumb or retina scan (something you are), swipe an ID card (something you have), and then enter the PIN or password associated with that ID card (something you know).
Authentication types/methods
There are many authentication methods. A network or system selects an authentication method based on the required security level. The following are the most widely used authentication methods.
Username and password
This method requires a username and a password to log in. Operating systems such as Windows and Linux use it to authenticate users at startup. They can store usernames and passwords locally or on a network system.
Local login
By default, all operating systems save usernames and passwords locally. When a user types a username and password at startup, the operating system uses the locally stored database to verify them. If the supplied credentials are correct, the user logs in. If they are incorrect, the user fails to log in.

Network login
In the network login, a server system saves usernames and passwords. When a user types a username and password at startup, the operating system forwards them to the server system. The server system checks its database to allow or deny the login. If the supplied credentials are correct, it permits the login. If they are incorrect, it denies the login request.
Smartcard
This method uses a smart card and a PIN to authenticate the user. The user inserts a smartcard into a smartcard reader and then supplies a PIN. The card contains the user ID. The card reader reads the user ID and sends it with the PIN provided to the authentication server. The authentication server allows or rejects the access request based on the entered PIN.
Employee card
Employee cards are similar to smart cards but do not require a PIN. An entity issues employee cards only to its employees. Each employee card contains the employee’s private key.
Biometrics
This method uses biometrics to authenticate users. It is the most secure authentication method. The user provides a retina scan or fingerprint as a credential. If the biometrics match, the user gets access.
Anonymous authentication
By default, services and operating systems require users to log in. You cannot access a login-protected service or operating system without having a user account. An anonymous account is an exceptional account in this case. It allows you to access a login-protected service without having a user account. When you use this account to log in, you will get whatever permissions it has. It is a popular authentication method for websites or FTP servers.
Basic authentication
Basic authentication sends the username and password to the server in clear text. Because the credentials are not encrypted, anyone who captures the data packets in transit can read the password.
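An audit check for the exposure described above, as an added example that is not part of the original tutorial. It assumes the HTTP form of Basic authentication (RFC 7617), where the Authorization header carries base64 of "username:password", which is an encoding and not encryption; the function names and sample requests are constructed for illustration.

```python
import base64
import binascii


def decode_basic_credentials(authorization_header: str):
    """Return (username, password) from an HTTP Basic header, or None if it is not one."""
    scheme, _, token = authorization_header.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # malformed token: nothing usable to report
    username, sep, password = decoded.partition(":")
    if not sep:
        return None
    return username, password


def audit_request(url_scheme: str, headers: dict) -> str:
    """Flag requests whose Basic credentials travel without transport encryption."""
    header = next((v for k, v in headers.items() if k.lower() == "authorization"), None)
    if header is None:
        return "no-credentials"
    creds = decode_basic_credentials(header)
    if creds is None:
        return "no-basic-credentials"
    if url_scheme.lower() != "https":
        # Report the account only; an audit log should never store the password.
        return f"EXPOSED: password for '{creds[0]}' readable on the wire"
    return "basic-over-tls"


# Constructed sample requests (not captured traffic).
SAMPLES = [
    ("http", {"Authorization": "Basic YWxpY2U6czNjcmV0"}),
    ("https", {"authorization": "Basic YWxpY2U6czNjcmV0"}),
    ("http", {"Authorization": "Negotiate YIIabc"}),
    ("http", {"Authorization": "Basic not*base64"}),
]

if __name__ == "__main__":
    for scheme, headers in SAMPLES:
        print(scheme, "->", audit_request(scheme, headers))
```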
Integrated authentication
Integrated authentication sends the username and password to the server in an encrypted format. Because the credentials are encrypted, no one can view the password by capturing the data packets in transit. It is a more secure authentication method than basic authentication.
Kerberos
Kerberos is an authentication protocol. Microsoft Active Directory uses it. It uses a key distribution center (KDC) server. The KDC server issues tickets. Clients need tickets to log in or access services.
Certificates
A certificate is an electronic file that contains encryption keys and other necessary details. You can store a certificate on a smartcard or USB drive. Later, you can use that smartcard or the USB drive to log in.
Conclusion
Authentication is a critical security process that ensures users and systems verify their identities before accessing network resources. By utilizing various authentication factors, organizations can enhance their security. Each authentication scheme offers different levels of security and convenience. The selection of appropriate authentication methods, such as passwords, smart cards, or biometric systems, depends on the specific security needs of the organization and the sensitivity of the resources it wants to protect. By prioritizing robust authentication mechanisms, organizations can better safeguard their information and ensure a secure network environment.
Author Laxmi Goswami Updated on 2025-10-14