Security Management Strategies for the CIO-
This article is part of an Essential Guide, our editor-selected collection of our best articles, videos and other content on this topic. Explore more in this guide:
6. - Key terms to aid with business continuity/disaster recovery planning: Read more in this section
-
Explore other sections in this guide:
Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be. In private and public computer networks (including the Internet), authentication is commonly done through the use of logon passwords. Knowledge of the password is assumed to guarantee that the user is authentic. Each user registers initially (or is registered by someone else), using an assigned or self-declared password. On each subsequent use, the user must know and use the previously declared password. The weakness in this system for transactions that are significant (such as the exchange of money) is that passwords can often be stolen, accidentally revealed, or forgotten.
For this reason, Internet business and many other transactions require a more stringent authentication process. The use of digital certificates issued and verified by a Certificate Authority (CA) as part of a public key infrastructure is considered likely to become the standard way to perform authentication on the Internet.
Logically, authentication precedes authorization (although they may often seem to be combined).
This was last updated in June 2007
Posted by: Margaret Rouse
View the next item in this Essential Guide: encryption or view the full guide: Essential guide to business continuity and disaster recovery plans