user authentication

User authentication is the verification of an active human-to-machine transfer of credentials required for confirmation of a user’s authenticity; the term contrasts with machine authentication, which involves automated processes that do not require user input.

User authentication is performed in almost all human-to-computer interactions other than guest and automatically logged in accounts. Authentication authorizes human-to-machine interactions on both wired and wireless networks to enable access to networked and Internet connected systems and resources.

Traditionally, user authentication has typically consisted of a simple ID and password combination. Increasingly, however, more authentication factors are added to improve the security of communications.

 The main authentication factors are knowledge, possession and inherence:

User location is sometimes considered a fourth factor for authentication. The ubiquity of smartphones can help ease the burden here: Most smartphones are equipped with GPS, enabling reasonable surety confirmation of the login location. Lower surety measures include the MAC address of the login point or physical presence verifications through cards and other possession factor elements.

The use of at least one-factor of each of these four-factor types is considered four-factor authentication (4FA). Selecting four authentication factors out of two categories is only two-factor authentication (2FA) and, as such, less likely to add significantly to the security of the procedure.

The reliability of authentication is affected not only by the number of factors involved but also the specific technologies and the manner in which they are implemented. Well-designed and appropriately enforced implementation rules can help ensure the security of user authentication.

However, it’s also important not to overburden users with difficult authentication routines, which can lead to non-compliance that undermines the purpose. Multifactor authentication (MFA) with automatic processes can enhance security while minimizing the effort required by the user.

This was last updated in December 2014

Continue Reading About user authentication

Dig Deeper on Web authentication and access control