Digest authentication is a method of authentication in which a request from a potential user is received by a network server and then sent to a domain controller. The domain controller sends a special key, called a digest session key, to the server that received the original request. The user must then produce a response, which is encrypted and transmitted to the server. If the user's response is of the correct form, the server grants the user access to the network, Web site or requested resources for a single session.
In its simplest form, digest authentication is an enhanced method of single-factor authentication (SFA). The drawback of SFA is the fact that the single factor (the password or user response) is relatively easy for an experienced hacker to discover and exploit. Superior security can be obtained by the use of a two-factor authentication scheme, in which a physical token such as smart card is employed in addition to the password or keyboard-generated response to verify the identity of a potential user. Even better security may be provided by digest authentication in conjunction with multifactor authentication, in which three or more independent parameters are used. Such parameters may include biometric verification, fingerscanning or a voiceprint.