SecurITyCerts dot Org

       Navigating Security Certifications

• Home
• Top 3 Certs
• Other Certs
• Comparisons
• Speaking & Consulting
• Sites I Love

Cryptography: Authentication

CISSP, GIAC GSEC, Security+ Review

Authentication is the concept of uniquely identifying individuals to provide assurance of a user’s identity.

In others words, proving people are who you claim they. are

Typical physical and logical authentication methods include the use of ID cards, door locks and keys, and network logins and passwords.

For example, when I arrived at the airport yesterday, I identified myself to the airline gate agent as I fumbled through my pockets for my password.

"Hi, I'm Ted Demopoulos." This is just identification, just a claim.

I authenticated myself, proved that in fact I am Ted Demopoulos, by providing my passport.

Traditionally we have authenticate identities based on one of three attributes:

• Something the person knows, such as a password
• Something the person has, such as a token
• Something the person is, or biometrics

In addition, we can authenticate based on a fourth attribute:

• Somewhere you are, your location

Sometimes simply your location can be used for authentication. For example, if you're in a super secret and secure facility, 2 miles underground Area 51, a U.S. Air Force installation in Nevada, . . .

Encryption is used by all three authentication methods. No matter what you use to authenticate, you want to make sure the information is protected as it travels the network and that it is also secure when it resides on the backend server

NEXT

 

Headline 3

insert content here