How Does the Authentication Process Work - ICSS

What do you mean by Authentication?

Authentication is the process of recognizing a user's identity. It is the mechanism of associating an incoming request with a set of identifying credentials. The credentials provided are compared to those on file in a database of authorized users' information, either on a local operating system or within an authentication server. The authentication process always runs at the start of the application, before the permission and throttling checks occur, and before any other code is allowed to proceed. Different systems may require different types of credentials to ascertain a user's identity. The credential often takes the form of a password, which is a secret known only to the individual and the system. The three categories by which someone may be authenticated are: something the user knows, something the user is, and something the user has.


How authentication is used

User authentication occurs within most human-to-computer interactions outside of guest accounts, automatically logged-in accounts and kiosk computer systems. Generally, a user has to choose a username or user ID and provide a valid password to begin using a system. User authentication authorizes human-to-machine interactions in operating systems and applications, as well as on both wired and wireless networks, to enable access to networked and internet-connected systems, applications and resources. Many companies use authentication to validate users who log into their websites. Without the right security measures, user data, such as credit and debit card numbers, as well as Social Security numbers, could get into the hands of cybercriminals.

Types of authentication methods

Traditional authentication depends on the use of a password file, in which user IDs are stored together with hashes of the passwords associated with each user. When logging in, the password submitted by the user is hashed and compared to the value in the password file. If the two hashes match, the user is authenticated. This approach to authentication has several drawbacks, particularly for resources deployed across different systems. For one thing, attackers who are able to access the password file for a system can use brute force attacks against the hashed passwords to recover the passwords. For another, this approach would require multiple authentications for modern applications that access resources across multiple systems.

Password-based authentication weaknesses can be addressed to some extent with smarter user names and password rules, such as a minimum length and stipulations for complexity, such as including capitals and symbols. However, password-based authentication and knowledge-based authentication are more vulnerable than systems that require multiple independent methods.
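The hash-and-compare flow and the password rules described above, as an added example that is not from the original page: a constructed in-memory password file that stores a per-user salt and a slow PBKDF2 hash (so a stolen file is expensive to brute-force), a length-and-complexity policy check, and a constant-time comparison at login. The iteration count and the policy thresholds are assumptions, not values from the page.

```python
import hashlib
import hmac
import os
import re

# Constructed in-memory "password file": user ID -> (salt, PBKDF2 hash).
PASSWORD_FILE = {}
ITERATIONS = 600_000  # assumed work factor; raise it as hardware gets faster


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a slow, salted hash; the salt stops one crack from covering every user."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def password_meets_policy(password: str) -> bool:
    """Minimum length plus the capitals-and-symbols stipulations (assumed thresholds)."""
    return (len(password) >= 12
            and re.search(r"[A-Z]", password) is not None
            and re.search(r"[^A-Za-z0-9]", password) is not None)


def register(user_id: str, password: str) -> bool:
    """Store a fresh random salt and the derived hash, never the password itself."""
    if not password_meets_policy(password):
        return False
    salt = os.urandom(16)
    PASSWORD_FILE[user_id] = (salt, hash_password(password, salt))
    return True


def authenticate(user_id: str, password: str) -> bool:
    """Hash the submitted password with the stored salt and compare in constant time."""
    record = PASSWORD_FILE.get(user_id)
    if record is None:
        # Do the same work for unknown users so timing does not reveal valid IDs.
        hash_password(password, b"\x00" * 16)
        return False
    salt, stored_hash = record
    return hmac.compare_digest(stored_hash, hash_password(password, salt))


if __name__ == "__main__":
    print(register("alice", "Correct-Horse-42"))      # True
    print(authenticate("alice", "Correct-Horse-42"))  # True
    print(authenticate("alice", "wrong"))             # False
```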

Methods of authentication:

  • Two-factor authentication -- Two-factor authentication adds an extra layer of protection to the process of authentication. 2FA requires that a user provide a second authentication factor in addition to the password. 2FA systems often require the user to enter a verification code received via text message on a preregistered mobile phone, or a code generated by an authentication application.

  • Multifactor authentication -- Multifactor authentication requires users to authenticate with more than one authentication factor, such as a biometric factor (fingerprint or facial recognition) or a possession factor (a security key fob or a token generated by an authenticator app).

  • One-time password -- A one-time password is an automatically generated numeric or alphanumeric string of characters that authenticates a user. This password is only valid for one login session or transaction, and is usually used for new users, or for users who lost their passwords and are given a one-time password to log in and change to a new password.

  • Three-factor authentication -- Three-factor authentication (3FA) is a type of MFA that uses three authentication factors, usually a knowledge factor (password) combined with a possession factor (security token) and inherence factor (biometric).

  • Biometrics -- While some authentication systems can depend solely on biometric identification, biometrics are usually used as a second or third authentication factor. The more common types of biometric authentication available include fingerprint scans, facial or retina scans and voice recognition.

  • Mobile authentication -- Mobile authentication is the process of verifying a user via their device, or verifying the device itself. This lets users log into secure locations and resources from anywhere. The mobile authentication process involves multifactor authentication that can include one-time passwords, biometric authentication or QR code validation.

  • Continuous authentication -- With continuous authentication, instead of a user being either logged in or out, a company's application continually computes an "authentication score" that measures how sure it is that the account owner is the individual who's using the device.

  • API authentication -- The standard methods of managing API authentication are HTTP basic authentication, API keys and OAuth.

    • In HTTP basic authentication, the server requests authentication information, i.e., a username and password, from a client. The client then passes the authentication information to the server in an Authorization header.

    • In the API key authentication method, a first-time user is assigned a unique generated value that indicates that the user is known. Then, each time the user tries to enter the system again, this unique key is used to verify that it is the same user who entered the system previously.

    • Open Authorization (OAuth) is an open standard for token-based authentication and authorization on the internet. OAuth allows a user's account information to be used by third-party services, such as Facebook, without exposing the user's password. OAuth acts as an intermediary on behalf of the user, providing the service with an access token that authorizes specific account information to be shared.

How authentication works

During authentication, credentials provided by the user are compared to those on file in a database of authorized users' information, either on the local operating system or through an authentication server. If the credentials match, and the authenticated entity is authorized to use the resource, the process is completed and the user is granted access. The permissions and folders returned define both the environment the user sees and the way the user can interact with it, including hours of access and other rights such as the amount of resource storage space.

Traditionally, authentication was accomplished by the systems or resources being accessed; for example, a server would authenticate users using its own password system, implemented locally, using login IDs and passwords. Knowledge of the login credentials is assumed to guarantee that the user is authentic. Each user registers initially (or is registered by someone else, such as a systems administrator), using an assigned or self-declared password. On each subsequent use, the user must know and use the previously declared password.

However, the web's application protocols, HTTP and HTTPS, are stateless, meaning that strict authentication would require end users to reauthenticate each time they access a resource over HTTPS. Rather than burden end users with that process for each interaction over the web, protected systems often rely on token-based authentication, in which authentication is performed once at the start of a session. The authenticating system issues a signed authentication token to the end-user application, and that token is appended to every request from the client.
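The signed session token described above, as an added example that is not from the original page: the server issues a token carrying the user ID and an expiry, signs it with a server-held HMAC key, and on every later request checks the signature in constant time before trusting the claims. The key, the lifetime and the `sub`/`exp` claim names are assumptions for the illustration.

```python
import base64
import binascii
import hashlib
import hmac
import json
from typing import Optional

# Assumed server-side signing key; load it from a secret store in practice, never hard-code it.
SERVER_KEY = b"constructed-demo-key-do-not-reuse"
TOKEN_LIFETIME = 3600  # assumed session length in seconds


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user_id: str, now: int) -> str:
    """Issued once after a successful login: base64url(claims).base64url(HMAC-SHA256)."""
    claims = {"sub": user_id, "exp": now + TOKEN_LIFETIME}
    payload = json.dumps(claims, separators=(",", ":")).encode()
    sig = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    return f"{_b64(payload)}.{_b64(sig)}"


def verify_token(token: str, now: int) -> Optional[str]:
    """Run on every request: return the user ID only if signature and expiry both hold."""
    try:
        payload_b64, sig_b64 = token.split(".")
        payload, sig = _unb64(payload_b64), _unb64(sig_b64)
    except (ValueError, binascii.Error):
        return None  # malformed token
    expected = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None  # payload or signature was altered, or signed with another key
    claims = json.loads(payload)  # safe: the signature proves we produced this payload
    if claims.get("exp", 0) <= now:
        return None  # session expired; the user must authenticate again
    return claims.get("sub")


if __name__ == "__main__":
    token = issue_token("alice", 1_700_000_000)
    print(verify_token(token, 1_700_000_010))  # alice
    print(verify_token(token, 1_700_003_600))  # None (expired)
```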

Entity authentication for systems and processes can be carried out using machine credentials that work like a user's ID and password, except the credentials are submitted automatically by the device in question. They may also use digital certificates that were issued and verified by a certificate authority as part of a public key infrastructure to authenticate an identity while exchanging information over the internet.