I'll be blogging about some of these authentication procedures. To lay the foundation for my upcoming blog posts on authentication I figured it would be a good idea to give a quick rundown of what authentication is, just to get the basics out of the way. Here it goes:
Authentication defined
If you consult the Oxford dictionary on your iPhone you'll learn that:
authenticate: prove or show (something) to be true, genuine, or valid;
When we authenticate users of computer systems, what are we trying to prove? In short, that the correct people are logged in to the correct user accounts. So, for computer systems we'll see that it makes sense to use the following definition:
Authentication is the process carried out to show that a user is who she claims to be
To explain what this means we'll break a typical authentication procedure into two phases: the user claims to be the owner of a digital identity, and we need to verify that the claim is true before the user is allowed to assume the claimed identity.
The claim — The user usually presents a username as her digital name (or identifier) to associate her with a particular user account. Imagine a user logging into Facebook with her username and password. She will enter her username, claiming that this is her Facebook account. To give Facebook some assurance that she in fact is the person behind that particular username, she must also back her claim with some proof. She therefore also enters her password, a secret shared only between her and Facebook.
Verifying the claim — Facebook looks up the account the user claims belongs to her, and verifies that the password presented matches the one they have on file for the account. If the password is correct, Facebook believes the claim to be true and will log in the user. If the password is wrong, authentication fails because the user's claim could not be shown to be true.
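The two phases as code, in an added example that is not from the original post: the username is the claim, the password is the proof, and what the service keeps "on file" is a salted derived key rather than the password itself. The account store, the iteration count and the sample credentials are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000   # assumed work factor for this sketch
ACCOUNTS = {}          # username -> (salt, derived key); the password is never stored

def derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def enroll(username: str, password: str) -> None:
    salt = os.urandom(16)                       # per-account random salt
    ACCOUNTS[username] = (salt, derive(password, salt))

# Dummy record so that an unknown username costs the same work as a known one.
DUMMY = (os.urandom(16), os.urandom(32))

def authenticate(username: str, password: str) -> bool:
    """Phase 1: `username` is the claim. Phase 2: `password` is the proof to verify."""
    salt, on_file = ACCOUNTS.get(username, DUMMY)
    presented = derive(password, salt)
    matches = hmac.compare_digest(presented, on_file)   # constant-time comparison
    return matches and username in ACCOUNTS

enroll("alice", "correct horse battery staple")  # constructed sample account
```

Both failure cases (wrong password, unknown username) return the same result, so the response does not reveal which accounts exist.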
That was a short introduction to the concept of authentication. Next we'll have a look at the authentication factors used to back up a claim. Just remember: Authentication is all about proving that you are the person corresponding to a digital identity in a computer system.
If you want to dig deeper into the topic of authentication, I recommend a great book on the subject: "Who Goes There? Authentication Through the Lens of Privacy." This book touches upon the more fundamental aspects of authentication, and will give you a deeper understanding of what authentication really is. I've read it several times myself, and every time I learn something new.
A word of advice: Don't drink wine while you read it, you'll suddenly find yourself in a very philosophical mood — asking yourself existential questions and wondering about who you really are. You've been warned.
Authentication factors
You can authenticate to a computer system in various ways. Computer systems are often said to use single-factor or two-factor authentication. The authentication factors are the different types of evidence presented during authentication. To better grasp what this means, we'll have a look at the common categorization of authentication factors. These are so important that they deserve to be in a list before we explain them:
- Something you know
- Something you have
- Something you are
*Update: See separate post on security questions: Why security questions are not.
Something you have — means that you can prove possession of a physical token. A well-known example is RSA's SecurID tokens. All code-generating dongles fall into this category. Mobile phones are increasingly being used for authentication as "something you have" elements, either through code-generating apps or by receiving one-time passwords by SMS.
Something you are — biometrics. Iris scans, fingerprint scans and so on fall into this category. This is the least popular category of authentication factors, and it's not usually widely deployed in computer systems.
How many factors?
This brings us right to single-factor vs. two-factor authentication. The difference might seem apparent, but there are some subtleties. To make it a two-factor authentication, you need to use two different types of authentication factors. That means, if you supply a username and a code from your RSA SecurID to log in, then it's a single-factor authentication procedure. You've only used the "something you have" factor to back up your claim. If you in addition supply a PIN or password, it becomes a two-factor authentication scheme since you also present a "something you know" factor.
Note that the username does not count as a factor! A common flaw in authentication systems is to e.g. use social security numbers as some sort of "password". It's not; it's an identifier often no more secret than your name. You can claim that it's your number, but you better back it up with some proof!
"Something you have" goes mobile
It is increasingly popular to rely on mobile phones when authenticating users. This is quite natural, since your mobile phone is usually "something you have" with you. There are several ways to leverage mobile phones when authenticating users. One approach is to send the user a one-time password by SMS. When the user enters the password on her computer, you get assurance that the mobile phone was present during authentication. Similarly, the user might install an app to generate codes, making the mobile phone a replacement for dongles such as the RSA SecurID.
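An added example (not from the original post) covering both the code-generating app described here and the factor counting from "How many factors?". It uses the open TOTP standard (RFC 6238), not SecurID's own algorithm, and reports which factor types a login actually proved. The account record, PIN, salt and seed (the RFC's published test seed) are constructed values.

```python
import hashlib, hmac, struct

def totp(seed: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 code for the time step containing `at` (HMAC-SHA1 variant)."""
    counter = struct.pack(">Q", max(int(at), 0) // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def check_code(seed: bytes, code: str, at: float, drift: int = 1, step: int = 30) -> bool:
    """Accept the current step and `drift` neighbours to tolerate clock skew."""
    ok = False
    for d in range(-drift, drift + 1):
        expected = totp(seed, at + d * step, step)
        ok |= hmac.compare_digest(expected.encode(), code.encode())
    return ok

def pin_key(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

# Constructed record: the phone or dongle holds `seed`, the user memorises the PIN.
SALT = b"constructed-salt"
ACCOUNTS = {"alice": {"seed": b"12345678901234567890", "pin": pin_key("4921", SALT)}}

def factors_proven(username: str, at: float, code: str = None, pin: str = None) -> set:
    """Return the factor *types* this login proved; the username itself adds none."""
    account = ACCOUNTS.get(username)
    proven = set()
    if account is None:
        return proven
    if code is not None and check_code(account["seed"], code, at):
        proven.add("something you have")
    if pin is not None and hmac.compare_digest(pin_key(pin, SALT), account["pin"]):
        proven.add("something you know")
    return proven

def is_two_factor(proven: set) -> bool:
    return len(proven) >= 2   # two different types, not two pieces of evidence
```

A username plus a valid code yields one factor type; adding the PIN yields two. A deployed verifier would also remember the last accepted time step per account so that a code cannot be replayed within its validity window.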
However, the very reason for a user to bring her mobile phone everywhere — to use it all the time for all sorts of things — also constitutes the biggest security challenge when relying on it as an authentication factor. People surf the web with their phone, they often uncritically download apps, and the phone is usually always online. The broad use of mobile phones, combined with their sophistication, makes them an increasingly interesting target for malware writers. As a recent example, there was malicious software circulating on the Android market store, and there were also reports on how users could be tricked into installing apps on their Android phones. In February I blogged about how the procedure to purchase and install apps through Android market would reduce two-factor authentication to single-factor authentication if an Android phone was used as an authentication factor.
As more and more websites build on the mobile phone as an authentication factor, efforts to attack mobile devices will only intensify. It will be interesting to see how it plays out.
The end
That concludes this post. I've laid out the basics of authentication, which authentication factors we have and how we count them, and we've touched upon the growing use of mobile phones as the "something you have" factor. I'll be blogging more about authentication procedures, and now that the foundation is in place I can focus more on the specifics.