Authentication

Authentication

Authentication is the process of verifying an assertion about a user or thing. Most often, the identity of that user or thing is the assertion that is verified during authentication. Authentication therefore follows after identification, which is the process of indicating the identity of a user or thing.

Human users can authenticate using three factors:

• Something you know (example: password)

• Something you have (example: identity card)

• Something you are (example: fingerprint)

When two or more different factors are combined during the authentication process, we call it multi-factor authentication.

Authentication versus authorization

Authentication is distinct from authorization. Authorization specifies the permissions of a user or a thing. In other words, authorization defines what an entity (user or thing) is allowed to do in an application. Thus, we have to distinguish between the following three processes:

• Identification: indicate the identity of a user or thing

• Authentication: verify the identity of that user or thing

• Authorization: validate that the verified user or thing is allowed to execute a certain action