Step One
Definition of Authentication
Authentication refers to the procedures used by a company, person or any party to confirm or verify the identity of the person accessing a system (Usmonov, 2021). The authentication process verifies that a person is who they claim to be by using pre-determined methods such as passwords and usernames (Usmonov, 2021). Authentication plays a crucial role in protecting information from access by unauthorized users.
Core Principles and Tenets of Authentication
According to Tashev, Arzieva, Arziev, and Kuvonchbek (2022), one of the core principles of authentication is using authenticating factors in the authentication process. The principle requires that more than one factor is utilized during the authentication process. Multiple factors of authentication are the different categories of evidence that a device or user can present to prove their identity. Implementing authentication factors means using common factors such as passwords, a smart card, or fingerprints.
The other principle of authentication is that the process should use standardized and secure protocols to govern how authentication should be communicated and performed. As a matter of principle, the protocols used for authentication should guarantee the availability, integrity, and confidentiality of data so that unauthorized access is prevented (Tashev et al., 2022). Examples of the standard protocols used for authentication are JSON Web Tokens, Public Key Infrastructure, Remote Authentication Dial-in User Service, and Lightweight Directory Access Protocol (Tashev et al., 2022). The protocols used in authentication must be supported by policies that specify how authentication should be implemented and managed.
Balancing usability and security is also a principle of authentication, so that a trade-off is established between the ease of use of an authentication method and the level of protection that accompanies it. Authentication usability impacts satisfaction, experience, compliance and operational efficiency (Tashev et al., 2022). Factors influencing authentication are frequency, complexity, error recovery and support, and user feedback.
Another principle of authentication is that there must be a provision for regular and rigorous testing of authentication systems so that the system’s functionality and performance security are regularly ascertained. As a matter of principle, authentication testing is essential for identifying and resolving any vulnerabilities in a system so that improvements can be made (Tashev et al., 2022). Testing also allows a company or people to keep up with evolutions in authentication by staying up-to-date with trends in the field.
How Someone Can Be Authenticated
One of the ways that someone can be authenticated is by using passwords, which requires creating strong passwords that combine numbers, letters, and symbols. Certificate-based authentication involves using a signal sent to other devices and systems using encryption to identify someone (Siddiqui et al., 2021). Token-based authentication uses a one-time PIN that a system generates to identify a person. In contrast, biometric authentication utilizes a person’s biological features to identify them before they can access a system. Push notification is an authentication procedure that uses a person’s phone to receive a code that identifies and notifies a person (Siddiqui et al., 2021). Multifactor authentication is the use of more than one authentication procedure to ascertain a person’s identity.
How Authentication Has Evolved and Identify Stressors That Have Resulted In Changes to Authentication
Over time, the process of authenticating people has changed to more advanced methods that increase data security and prevent unauthorized access to systems. The first authentication method used by MIT over 50 years ago is still used today but with major transformations (Siddiqui et al., 2021). Passwords are one of the methods utilized for authenticating people. Authentication moved from simple passwords to complicated ones that include numbers, figures, and a unique factor, so that a password cannot easily be guessed. However, the use of passwords evolved into the use of fingerprints and biometric authentication methods (Siddiqui et al., 2021). Authentication presently uses facial recognition and biological features to identify and authenticate a user. In its best form, authentication has evolved to use multiple methods to identify a person so that the chances of unauthorized access are reduced to the minimum.
The Different Types of Authentication
The common types of authentication are two-factor authentication and multifactor authentication. Two-factor authentication (2FA) requires using two different identity management methods to ascertain a person’s identity. In terms of security, two-factor authentication (2FA) is less secure than multifactor authentication (Siddiqui et al., 2021). One example of two-factor authentication is using a password followed by a fingerprint. Multifactor authentication requires two or more proofs to identify a person before they get access to the system (Siddiqui et al., 2021). This method is used in high-risk environments to prevent fraud. An example of multifactor authentication is when a person uses a password, followed by a fingerprint, and then is required to use a push notification to access a system.
Single-Factor Authentication | Multifactor Authentication |
Controls access to a system | Controls access to a system |
The method is easy to use | The technique is complicated to use |
High risks to security | Low risk to security |
There is a high chance of information getting lost | There is a low chance of data getting lost |
Key loggers can easily steal passwords and more. | There is no risk of keylogger activity. |
The user is not in complete control | The user is usually in full control |
Phishing can easily be used to access a system | There is a meager chance for successful phishing |
Source: (Saqib, Khan, Javed, Ahmad, Nisar, Abbasi, & Julaihi, 2022).
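The sketch below is an added example, not taken from the cited sources. It combines two of the methods described above, a password and a system-generated one-time PIN, into one multifactor check in which both must verify and a PIN is accepted only once. The PIN follows the HOTP/TOTP construction of RFC 4226 and RFC 6238; the user record, its field names, the password and the helper names are constructed for illustration.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """One-time PIN from a shared secret and a counter (RFC 4226)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks 4 bytes
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret: bytes, now: float, step: int = 30) -> str:
    """Time-based variant (RFC 6238): the counter is the 30-second slot."""
    return hotp(secret, int(now) // step)

def hash_password(password: str, salt: bytes, rounds: int = 200_000) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)

def make_demo_record() -> dict:
    """Constructed sample user; the secret is the RFC 6238 test-vector key."""
    salt = b"constructed-salt"
    return {"salt": salt, "pw_hash": hash_password("Tr4il-mix!92", salt),
            "totp_secret": b"12345678901234567890", "last_counter": -1}

def authenticate(record: dict, password: str, pin: str, now: float,
                 window: int = 1) -> bool:
    """Grant access only if the password AND the one-time PIN both verify."""
    pw_ok = hmac.compare_digest(
        hash_password(password, record["salt"]), record["pw_hash"])
    matched = None
    slot = int(now) // 30
    # Accept +/- `window` slots for clock drift, but never a slot already used.
    for counter in range(slot - window, slot + window + 1):
        if counter > record["last_counter"] and hmac.compare_digest(
                hotp(record["totp_secret"], counter), pin):
            matched = counter
    if pw_ok and matched is not None:
        record["last_counter"] = matched  # the PIN is single-use
        return True
    return False

if __name__ == "__main__":
    user = make_demo_record()
    pin = totp(user["totp_secret"], 59)
    print(authenticate(user, "Tr4il-mix!92", pin, 59))  # first use
    print(authenticate(user, "Tr4il-mix!92", pin, 59))  # replayed PIN
```

The password is stored only as a salted PBKDF2 hash and compared in constant time, and both factors are evaluated before the decision so a failure does not reveal which factor was wrong.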
References
Usmonov, M. T. O. G. L. (2021). Authentification, authorization and administration. Science and Education, 2(7), 233-242.
Tashev, K. A., Arzieva, J. T., Arziev, A. T., & Kuvonchbek, R. (2022, September). Method authentication of objects information communication systems. In 2022 International Conference on Information Science and Communications Technologies (ICISCT) (pp. 1-5). IEEE.
Siddiqui, N., Pryor, L., & Dave, R. (2021). User authentication schemes using machine learning methods—a review. In Proceedings of International Conference on Communication and Computational Technologies: ICCCT 2021 (pp. 703–723). Springer Singapore.
Saqib, R. M., Khan, A. S., Javed, Y., Ahmad, S., Nisar, K., Abbasi, I. A., … & Julaihi, A. A. (2022). Analysis and Intellectual Structure of the Multifactor Authentication in Information Security. Intelligent Automation & Soft Computing, 32(3).