SecurITyCerts dot Org

       Navigating Security Certifications

Cryptography: Authentication

CISSP, GIAC GSEC, Security+ Review

Authentication is the concept of uniquely identifying individuals to provide assurance of a user’s identity.

In others words, proving people are who you claim they. are

Typical physical and logical authentication methods include the use of ID cards, door locks and keys, and network logins and passwords.

For example, when I arrived at the airport yesterday, I identified myself to the airline gate agent as I fumbled through my pockets for my password.

"Hi, I'm Ted Demopoulos." This is just identification, just a claim.

I authenticated myself, proved that in fact I am Ted Demopoulos, by providing my passport.

Traditionally we have authenticate identities based on one of three attributes:

In addition, we can authenticate based on a fourth attribute:

Sometimes simply your location can be used for authentication. For example, if you're in a super secret and secure facility, 2 miles underground Area 51, a U.S. Air Force installation in Nevada, . . .

Encryption is used by all three authentication methods. No matter what you use to authenticate, you want to make sure the information is protected as it travels the network and that it is also secure when it resides on the backend server