Methods of authentication


Typically, authentication depends on some kind of secret assumed to be known only by the intended person. Consequently, authentication is not firm proof of identity, just proof of knowledge of that secret.

The most common authentication mechanism is the password. Unfortunately, it is often easy to obtain passwords through means like network sniffing or finding where a user has written them down.

One-time passwords are generated algorithmically from information assumed to be held secret by the user; since they are only used once, obtaining one by snooping doesn't help an attacker violate security.

Other cryptographic techniques (such as use of public-key cryptography algorithms in certificates or signatures) can also be used to provide more secure authentication, but still depend on someone keeping a secret somewhere.

Biometric authentication depends more on who you are than what you know, but is currently rather easy to spoof due to the fuzziness of methods used to determine biometric matches and the relative ease of duplicating certain biometric properties like fingerprints.



Steve VanDevender
Last modified: Wed Jul 9 14:20:46 PDT 2003