Authentication, as defined by Wikipedia, is the process of confirming the truth of an attribute of a single piece of data as claimed. In our daily routine, we use authentication even in small ways. The act of putting a key into a lock is a simple form of authentication. By using our ATM cards to make bank transactions, we authenticate the account via the use of PIN codes.
In the world of information security, authentication is the process of verifying whether the person who wishes to use an IT facility is really the person authorized to use or access it. There are several ways to do this, and the simple act of logging into a workstation to access local files (or files stored on a hard disk) is an authentication method in itself. However, information is so valuable in organizations these days that simply authenticating yourself with a desktop password is considered too crude and may expose or leak sensitive information into the wrong hands.
In information security, there should be three elements to determine a “positive authentication” or, in layman’s terms, that the user who wants to use or access information really is the person he or she claims to be. These three elements are known as:
- Knowledge factor – something that a person knows. This could be a person’s birthdate, an employee number, or a complex password.
- Ownership factor – something that the specific person has. Examples are ATM cards, mobile phones, token cards, or simply an ID card.
- Inherence factor – something that identifies who the person is. Examples are fingerprints, retina ID, the DNA sequence, the voice pattern, the face pattern or the signature.
To complete a positive authentication sequence, one or all of the factors should be present before the specific person is authorized to access the IT resource or information. This is where the types or levels of authentication come into play.
If only one of the elements stated above is used, it is called single-factor authentication. A person may enter an area using a visitor pass or an employee ID card, or a person may use an IT resource or gain access to information via a single password, and that is it.
If a person wants to enter an area using an employee ID and also uses a biometric access device to get inside, it is called two-factor authentication, and the person needs two levels of access to gain entrance, in this case the employee ID and the biometric access device using his fingerprint.
If the same person wants to enter the area but uses an employee ID card at one point, an access RFID on a separate card, and a biometric access device using the fingerprint, it is called “multi-factor” or multi-layer authentication.
The complication comes in when the need for a strong cybersecurity policy arises, wherein businesses have to decide on the right combination of authentication and access privileges.