Authentication Explained with Examples

Authentication is the process users and computers use to identify themselves on the network to access resources. This tutorial explains the authentication types, methods, and factors in detail.

Authentication Factors

Authentication factors define the thing you use to authenticate yourself. There are three types of authentication factors. These are something you know, something you have, and something you are.

Something you know

This authentication factor needs a secret keyword called a PIN or password known only by the authorized user. The user uses his secret password to authenticate himself.

Something you have

This authentication factor requires a physical thing that only the authorized user has. The user uses the thing to authenticate himself or to receive an authentication code. For example, he can use a swipe card or physical token to enter a building. Receiving an OTP on a mobile phone is another example of this factor.

Something you are

This authentication factor needs a unique property the user has. All users have some unique biometric parameters such as fingerprint and retina. This factor uses these parameters to authenticate users. It is considered the most secure method of authentication.

Authentication factor scheme

Based on how many authentication factors a user uses to authenticate himself, we can classify authentication schemes into the following three types.

Single-factor authentication scheme

A single-factor authentication uses only one authentication factor. For example, a website requires users to enter only a username and password (something you know). The website uses a single-factor authentication. It is the most convenient but the least secure of the three authentication schemes.

Two-factor authentication scheme

A two-factor authentication uses two authentication factors. For example, a bank debit card (something you have) needs a PIN (something you know) to complete a transaction or withdraw money from an ATM. Two-factor authentication stands at a moderate level in both simplicity and security. The following are examples of a two-factor authentication scheme.

Using a smart card with a PIN

You use a card (something you have) as the first level of authentication and then use a PIN (something you know) as the second-level authentication.

Using a password with biometric

You enter the login username and password as the level one authentication and then use biometrics as the second level of authentication.

Using a password with an OTP

You enter the login username and password as the level one authentication and then receive a temporary password called OTP on your mobile as the second level of authentication.
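The password-plus-OTP login described above, as an added example that is not part of the original tutorial. The class name, the 120-second code lifetime and the PBKDF2 parameters are assumptions chosen for illustration, and delivery of the code to the phone is left out.

```python
import hashlib, hmac, secrets, time

OTP_TTL = 120  # seconds a code stays valid (assumed value)

def hash_password(password, salt):
    # Store only a salted, slow hash of the password, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class TwoFactorLogin:
    def __init__(self):
        self.users = {}    # username -> (salt, password hash)
        self.pending = {}  # username -> (otp, expiry time)

    def register(self, username, password):
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, hash_password(password, salt))

    def check_password(self, username, password, now=None):
        """Level one (something you know). On success, issue a 6-digit OTP."""
        now = time.time() if now is None else now
        # Unknown users get a dummy record so both paths do the same hashing work.
        salt, stored = self.users.get(username, (b"\0" * 16, b""))
        if not hmac.compare_digest(stored, hash_password(password, salt)):
            return None
        otp = f"{secrets.randbelow(10**6):06d}"
        self.pending[username] = (otp, now + OTP_TTL)
        return otp  # a real system sends this to the phone, never to the login form

    def check_otp(self, username, otp, now=None):
        """Level two (something you have). Codes are single-use and expire."""
        now = time.time() if now is None else now
        issued = self.pending.pop(username, None)  # pop: one attempt per code
        if issued is None:
            return False
        expected, expires = issued
        return now <= expires and hmac.compare_digest(expected.encode(), otp.encode())
```

Because the pending code is removed on the first attempt, a wrong guess forces a fresh password check, which keeps a 6-digit code from being brute-forced.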

Three-factor authentication scheme

A three-factor authentication uses all three authentication factors. Sometimes, it is also called a multifactor authentication. It is the most secure but the least convenient authentication scheme.

An example of three-factor authentication is if you are required to do a thumb or retina scan (something you are), swipe an ID card (something you have), and then insert the PIN or password associated with that ID card (something you know).

Authentication types/methods

There are many authentication methods. A network or system chooses an authentication method based on the security level it needs. The following are the most widely used authentication methods.

Username and password

This method requires a username and password to log in. Operating systems such as Windows and Linux use it to authenticate users at the start-up. They can store usernames and passwords locally or on a network system.

Local login

By default, all operating systems save usernames and passwords locally. When a user types a username and password at the start-up, the operating system uses the locally stored database to verify the typed username and password. If the supplied credentials are correct, the user logs in. If they are incorrect, the user fails to log in.


Network login

In the network login, a server system saves usernames and passwords. When a user types a username and password at the start-up, the operating system forwards the typed username and password to the server system. The server system checks its database to allow or deny the login. If the supplied credentials are correct, it permits the login. If they are incorrect, it denies the login request.

Smartcard

This method uses a smart card and a PIN to authenticate the user. The user inserts a smartcard into a smartcard reader and then supplies a PIN. The card contains the user ID. The card reader reads the user ID and sends it with the supplied PIN to the authentication server. The authentication server allows or rejects the access request based on the entered PIN.

Employee card

Employee cards are similar to smart cards but do not require a PIN. An entity issues employee cards only to its employees. Each employee card contains the employee’s private key.

Biometrics

This method uses biometrics to authenticate users. It is the most secure authentication method. The user provides a retina scan or fingerprint as a credential. If the biometrics match, the user gets access.

Anonymous authentication

By default, services and operating systems require users to log in. You cannot access a login-protected service or operating system without having a user account. An anonymous account is an exceptional account in this case. It allows you to access a login-protected service without having a user account. When you use this account to log in, you will get whatever permissions it has. It is a popular authentication method for websites or FTP servers.

Basic authentication

Basic authentication sends the username and password to the server in clear text. Since it sends the username and password in text format, anyone who captures the data packets in transit can view the password.
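An added example (not from the original tutorial) that assumes the HTTP form of basic authentication, where the Authorization header carries the Base64 encoding of "username:password". It shows that the encoding is reversed without any key, and a server-side check that refuses such credentials when the request did not arrive over TLS; the function names and the sample header are constructed for illustration.

```python
import base64, binascii

def parse_basic_header(value):
    """Return (username, password) from an 'Authorization: Basic ...' value, or None."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        # Base64 is an encoding, not encryption: no secret is needed to undo it.
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Split on the first ':' only, because the password itself may contain ':'.
    username, sep, password = decoded.partition(":")
    return (username, password) if sep else None

def accept_credentials(headers, is_tls):
    """Server-side policy: refuse Basic credentials that arrived without TLS."""
    creds = parse_basic_header(headers.get("Authorization", ""))
    if creds is None:
        return ("reject", "missing or malformed credentials")
    if not is_tls:
        # The password already crossed the network unprotected: treat it as exposed.
        return ("reject", "Basic over plain HTTP; rotate this password")
    return ("accept", creds[0])

# Constructed sample header for the user "alice" with password "s3cret:pw".
SAMPLE = {"Authorization": "Basic " + base64.b64encode(b"alice:s3cret:pw").decode()}

if __name__ == "__main__":
    print(parse_basic_header(SAMPLE["Authorization"]))
    print(accept_credentials(SAMPLE, is_tls=False))
    print(accept_credentials(SAMPLE, is_tls=True))
```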

Integrated authentication

Integrated authentication sends the username and password to the server in an encrypted format. Since it sends the username and password in an encrypted format, no one can view the password by capturing data packets in transit. It is a more secure authentication method than basic authentication.

Kerberos

Kerberos is an authentication protocol. Microsoft Active Directory uses it. It uses a key distribution center (KDC) server. The KDC server issues tickets. Clients need tickets to log in or access services.

Certificates

A certificate is an electronic file that contains encryption keys and other necessary details. You can store a certificate on a smartcard or USB drive. Later, you can use that smartcard or the USB drive to log in.
