USER AUTHENTICATION
Presented by: 22HP1A4215
DEFINITION:
Verifying the identity of a user is called “user authentication”.
• User authentication verifies the identity and other credentials of a user who is attempting to gain access to computing resources or networks.
• Authentication ensures that only authorized users are allowed to access a system.
• Hence authentication prevents unauthorized users from gaining access, potentially damaging systems, stealing information or causing other problems.
User authentication consists of three tasks:
• Identification: when a user claims an identity, it is called identification.
• A username, process ID, smart card, or anything else that may uniquely identify a person can be used for identification.
• Authentication is the process of verifying one's identity.
• For example, when a user enters a UID and PWD, the password verifies that the user is the owner of the username.
• Authorization is a security technique for determining a user's privileges or eligibility to execute specific tasks in a system.
• Authorization specifies the role-based powers a user can have in the system after they have been authenticated as an eligible candidate.
• User authentication is based on one of three things:
The user's possession of something (a key or card),
The user's knowledge of something (a user identifier or password), or
An attribute of the user (fingerprint, retina pattern, or signature).
1. Password-based authentication
• Passwords are the most common method of authentication.
• Passwords can be in the form of a string of letters, numbers, or special characters.
• Users need to create strong passwords that include a combination of all possible options, to protect against phishing attacks.
• Most people use simple passwords instead of creating reliable passwords because they are easier to remember, but these are not sufficient to protect online information.
• Hackers can easily guess user credentials by running through all possible combinations until they find a match.
2. Multi-Factor Authentication (MFA)
• Multi-Factor Authentication (MFA) is an authentication method that requires two or more independent ways to identify a user.
• MFA increases the confidence of users by adding multiple layers of security.
• Examples include codes generated from the user's smartphone, Captcha tests, fingerprints, voice biometrics or facial recognition.
• MFA may be a good defense against most account hacks.
• Drawback: people may lose their phones or SIM cards and not be able to generate an authentication code.
3. Certificate-based Authentication
• Certificate-based authentication identifies users by using digital certificates.
• A digital certificate is an electronic document that contains the digital identity of a user, including a public key, and the digital signature of a certification authority.
• Users provide their digital certificates when they sign in to a server.
• The server verifies the trustworthiness of the digital signature and the certificate authority.
• The server then uses cryptography to confirm that the user has the correct private key associated with the certificate.
4. Biometric authentication
• Biometric authentication is a security process that relies on the unique biological characteristics of an individual.
• Biometric authentication technologies are used by consumers, governments and private corporations, including airports, military bases, and national borders.
• The technology is increasingly adopted due to the ability to achieve a high level of security without creating friction for the user.
• Common biometric authentication methods include:
• Facial recognition: face characteristics of an individual.
• Fingerprint scanners: unique patterns on an individual's fingerprints. Fingerprint scanners are currently the most popular biometric technology.
• Speaker recognition: also known as voice biometrics, examines a speaker's speech patterns for the formation of specific shapes and sound qualities.
• Eye scanners: iris recognition and retina scanners. Iris scanners project a bright light towards the eye and search for unique patterns of the eye.
5. Token-based authentication
• Token-based authentication technologies enable users to enter their credentials once and receive a unique encrypted string of random characters in exchange.
• The token is used to access protected systems instead of entering credentials (such as user ID and password) all over again.
• The digital token proves that the user already has access permission.
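The password check from section 1 and the token exchange described here can be put together in one flow. The sketch below is an added example, not part of the original slides; it assumes an opaque random token looked up on the server (one common design), and the function names, in-memory stores and the 900-second lifetime are all assumptions.

```python
import hashlib, hmac, secrets, time

TOKEN_TTL = 900   # seconds a token stays valid (assumed value)
USERS = {}        # username -> (salt, password hash)
SESSIONS = {}     # sha256(token) -> (username, expiry time)

def hash_password(password, salt):
    # Salted, deliberately slow hash so guessing each candidate is costly
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def register(username, password):
    salt = secrets.token_bytes(16)
    USERS[username] = (salt, hash_password(password, salt))

def token_key(token):
    # Only a hash of the token is stored, so a leaked session table
    # cannot be replayed as tokens
    return hashlib.sha256(token.encode()).hexdigest()

def login(username, password, now=None):
    """Check the credentials once; return a random token, or None."""
    now = time.time() if now is None else now
    # Unknown users get a dummy record so the same hashing work is done
    salt, stored = USERS.get(username, (b"\0" * 16, b""))
    if not hmac.compare_digest(hash_password(password, salt), stored):
        return None
    token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
    SESSIONS[token_key(token)] = (username, now + TOKEN_TTL)
    return token

def authenticate(token, now=None):
    """Return the username behind a token, or None if unknown or expired."""
    now = time.time() if now is None else now
    entry = SESSIONS.get(token_key(token))
    if entry is None:
        return None
    username, expiry = entry
    if now >= expiry:
        del SESSIONS[token_key(token)]
        return None
    return username

def logout(token):
    SESSIONS.pop(token_key(token), None)

if __name__ == "__main__":
    register("alice", "constructed-sample-passphrase")   # constructed data
    t = login("alice", "constructed-sample-passphrase")
    print(authenticate(t), authenticate("forged-token"))
```

The token carries no credentials, so expiring or revoking it never requires the user to change their password.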
6. One-Time Passwords
• A one-time password (OTP) is an automatically generated numeric or alphanumeric string of characters that authenticates a user for a single transaction or login session.
• An OTP is more secure than a static password, especially a user-created password, which can be weak and/or reused across multiple accounts.
• One-time passwords are a form of strong authentication, providing much better protection to eBanking, corporate networks, and other systems containing sensitive data.