Authentication is a term describing the process of determining whether someone or something is really who or what they claim to be. It is a verification of identity. Establishment of identity (authentication) is no guarantee that the identified object or person is authorized.
Authentication may use one to three methods to establish identity which include:
- Something the user knows - This may include a password, passphrase, secret question, or personal identification number (PIN)
- Something the user has which may include a secure ID token
- Something the user is which may be a characteristic of their body such as a fingerprint, DNA pattern, retinal pattern, voice print, the look of their face, and other characteristics.
Authentication protocols include:
- CHAP - Challenge Handshake Authentication Protocol is a three way handshake protocol which is considered more secure than PAP.
- EAP - Extensible Authentication Protocol is used between a dial-in client and server to determine what authentication protocol will be used. It is used to support smart card and other high tech forms of authentication through its support of Transport Layer Security (TLS), which is used by these devices. It is a new protocol with Windows 2000.
- PAP - Password Authentication Protocol is a two way handshake protocol designed for use with PPP. It uses a plain text password and was used on older SLIP systems. It is not secure.
- S/Key - A one time password system, secure against replays. RFC 2289.
- SPAP - Shiva PAP. Only NT RAS server supports this for clients dialing in.
- DES - Data Encryption Standard for older clients and servers.
- RADIUS - Remote Authentication Dial-In User Service used to authenticate users dialing in remotely to servers in an organization's network.
- TACACS - Offers authentication, accounting, and authorization.
- MS-CHAP (MD4) - Uses a Microsoft version of RSA message digest 4 challenge and reply protocol. It only works on Microsoft systems and enables data encryption. Selecting this authentication method causes all data to be encrypted.
- SKID - SKID2 and SKID3
Two factor authentication
Two factor authentication relies on not one but two items to establish the identity of a person or thing. It typically uses a password and a token which contains a number that changes every minute. Two factor authentication therefore typically uses something the user knows and something the user has to authenticate.
Multifactor authentication may require three or more items to establish identity.
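The two factor check described above, as an added example that is not part of the original page. It assumes the token implements TOTP (RFC 6238) with a 60 second step to match "a number that changes every minute"; the names `Account`, `authenticate` and the sample credentials are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 60  # seconds per token value (assumption: TOTP, RFC 6238, one-minute step)

def totp(seed: bytes, now: float, digits: int = 6) -> str:
    """Something the user has: HOTP (RFC 4226) over the current time step."""
    counter = int(now // STEP)
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    """Something the user knows: stored only as a salted, slow hash."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class Account:
    def __init__(self, password: str, salt: bytes, seed: bytes):
        self.salt = salt
        self.pw_hash = hash_password(password, salt)
        self.seed = seed        # shared secret provisioned into the token
        self.last_step = -1     # highest time step already accepted

def authenticate(acct: Account, password: str, code: str, now: float,
                 drift: int = 1) -> bool:
    """Succeed only if BOTH factors verify and the code was not used before."""
    pw_ok = hmac.compare_digest(hash_password(password, acct.salt), acct.pw_hash)
    step_now = int(now // STEP)
    matched = None
    # Accept +/- drift steps for clock skew; compare in constant time.
    for step in range(max(0, step_now - drift), step_now + drift + 1):
        expected = totp(acct.seed, step * STEP).encode()
        if hmac.compare_digest(expected, code.encode()):
            matched = step
    # Same failure for either factor, so a caller cannot tell which one was wrong.
    if not pw_ok or matched is None or matched <= acct.last_step:
        return False
    acct.last_step = matched    # a code observed in transit cannot be replayed
    return True

if __name__ == "__main__":
    # Constructed sample account; the seed is the RFC 4226 test secret.
    acct = Account("correct horse", b"constructed-salt", b"12345678901234567890")
    now = 125.0
    code = totp(acct.seed, now)
    print(authenticate(acct, "correct horse", code, now))   # first use
    print(authenticate(acct, "correct horse", code, now))   # replayed code
```

Tracking `last_step` is what makes a captured code useless within the same minute; without it the token value would be replayable until it changes.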